Aikido Intel- Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities

malware

Sort on Date

NO CVE

Low Risk

n8n is vulnerable to Denial of Service (DoS)

Upgrade the n8n library to the patch version.

Jun 16, 2025

AIKIDO-2025-10378

NO CVE

Low Risk

rav1e is vulnerable to Integer Overflow

Upgrade the rav1e library to the patch version.

Jun 16, 2025

AIKIDO-2025-10377

NO CVE

High Risk

flask-oidc is vulnerable to Open Redirect

Upgrade the flask-oidc library to the patch version.

Jun 16, 2025

AIKIDO-2025-10376

NO CVE

Low Risk

keycloak-angular is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Upgrade the keycloak-angular library to the patch version.

Jun 16, 2025

AIKIDO-2025-10375

NO CVE

Low Risk

unleash-server is vulnerable to Use of Weak Hash

Upgrade the unleash-server library to the patch version.

Jun 16, 2025

AIKIDO-2025-10374

NO CVE

Low Risk

github.com/bitnami-labs/sealed-secrets is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Upgrade the github.com/bitnami-labs/sealed-secrets library to the patch version.

Jun 16, 2025

AIKIDO-2025-10373

NO CVE

Medium Risk

jwt is vulnerable to Improper Verification of Cryptographic Signature

Upgrade the jwt library to the patch version.

Jun 16, 2025

AIKIDO-2025-10372

NO CVE

Low Risk

box-sdk-gen is vulnerable to Observable Timing Discrepancy

Upgrade the box-sdk-gen library to the patch version.

Jun 13, 2025

AIKIDO-2025-10371

NO CVE

Low Risk

box-typescript-sdk-gen is vulnerable to Observable Timing Discrepancy

Upgrade the box-typescript-sdk-gen library to the patch version.

Jun 13, 2025

AIKIDO-2025-10370

NO CVE

High Risk

promptflow-evals is vulnerable to Remote Code Execution (RCE)

Upgrade the promptflow-evals library to the patch version.

Jun 12, 2025

AIKIDO-2025-10369

NO CVE

Medium Risk

boxcar is vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Upgrade the boxcar library to the patch version.

Jun 12, 2025

AIKIDO-2025-10368

NO CVE

Low Risk

box-node-sdk is vulnerable to Observable Timing Discrepancy

Upgrade the box-node-sdk library to the patch version.

Jun 12, 2025

AIKIDO-2025-10367

NO CVE

Low Risk

github.com/livekit/protocol is vulnerable to Exposure of Sensitive Information

Upgrade the github.com/livekit/protocol library to the patch version.

Jun 11, 2025

AIKIDO-2025-10366

NO CVE

Low Risk

vllm is vulnerable to Information Disclosure

Upgrade the vllm library to the patch version.

Jun 11, 2025

AIKIDO-2025-10365

NO CVE

Medium Risk

laravel/fortify is vulnerable to Session Fixation

Upgrade the laravel/fortify library to the patch version.

Jun 11, 2025

AIKIDO-2025-10364

NO CVE

Low Risk

laravel/framework is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Upgrade the laravel/framework library to the patch version.

Jun 11, 2025

AIKIDO-2025-10363

NO CVE

High Risk

github.com/cosmwasm/wasmd is vulnerable to Improper Check or Handling of Exceptional Conditions

Upgrade the github.com/cosmwasm/wasmd library to the patch version.

Jun 10, 2025

AIKIDO-2025-10362

NO CVE

High Risk

kyon147/laravel-shopify is vulnerable to Information Disclosure

Upgrade the kyon147/laravel-shopify library to the patch version.

Jun 10, 2025

AIKIDO-2025-10361

NO CVE

Low Risk

drf-standardized-errors is vulnerable to Generation of Error Message Containing Sensitive Information

Upgrade the drf-standardized-errors library to the patch version.

Jun 10, 2025

AIKIDO-2025-10360

NO CVE

High Risk

github.com/gogs/gogs is vulnerable to Path Traversal

Upgrade the github.com/gogs/gogs library to the patch version.

Jun 10, 2025

AIKIDO-2025-10359

NO CVE

Low Risk

ip-num is vulnerable to Uncaught Exception

Upgrade the ip-num library to the patch version.

Jun 10, 2025

AIKIDO-2025-10358

NO CVE

Medium Risk

@cloudflare/workerd-darwin-64 is vulnerable to Use after free

Upgrade the @cloudflare library to the patch version.

Jun 9, 2025

AIKIDO-2025-10357

CVE-2024-8008

Medium Risk

org.wso2.carbon.identity.user.store.configuration.ui is vulnerable to Cross-site Scripting (XSS)

Upgrade the org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui library to a patch version.

Jun 9, 2025

AIKIDO-2025-10356

NO CVE

Medium Risk

litellm is vulnerable to SQL Injection

Upgrade the litellm library to the patch version.

Jun 9, 2025

AIKIDO-2025-10355

NO CVE

Medium Risk

spectator-ext-ipcservlet is vulnerable to Improper Input Validation

Upgrade the com.netflix.spectator:spectator-ext-ipcservlet library to the patch version.

Jun 6, 2025

AIKIDO-2025-10354

NO CVE

High Risk

django-guardian is vulnerable to Improper Authorization

Upgrade the django-guardian library to the patch version.

Jun 6, 2025

AIKIDO-2025-10353

CVE-2025-48953

Medium Risk

Umbraco.Cms is vulnerable to Unrestricted Upload of File with Dangerous Type

Upgrade the Umbraco.Cms library to the patch version.

Jun 6, 2025

AIKIDO-2025-10352

NO CVE

Medium Risk

@nextcloud/l10n is vulnerable to Prototype Pollution

Upgrade the @nextcloud/l10n library to the patch version.

Jun 6, 2025

AIKIDO-2025-10351

CVE-2025-5419

High Risk

electron is vulnerable to Out-of-bounds Read

Upgrade the electron library to the patch version.

Jun 6, 2025

AIKIDO-2025-10350

NO CVE

High Risk

ra-data-local-storage is vulnerable to Prototype Pollution

Upgrade the ra-data-local-storage library to a patch version.

Jun 4, 2025

AIKIDO-2025-10349

NO CVE

Low Risk

vyper is vulnerable to Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls

Upgrade the vyper library to the patch version.

Jun 4, 2025

AIKIDO-2025-10348

NO CVE

High Risk

SharpCompress is vulnerable to Out-of-Bounds Read

Upgrade the SharpCompress library to the patch version.

Jun 4, 2025

AIKIDO-2025-10347

NO CVE

High Risk

n8n-nodes-base is vulnerable to Prototype Pollution

Upgrade the n8n-nodes-base library to the patch version.

Jun 3, 2025

AIKIDO-2025-10346

NO CVE

Medium Risk

haystack-ai is vulnerable to Regular Expression Denial-of-service (ReDoS)

Upgrade the haystack-ai library to the patch version.

Jun 3, 2025

AIKIDO-2025-10345

NO CVE

Low Risk

@metamask/assets-controllers is vulnerable to Client-Side Injection Attacks

Upgrade the @metamask/assets-controllers library to the patch version.

Jun 3, 2025

AIKIDO-2025-10344

NO CVE

Low Risk

hwi/oauth-bundle is vulnerable to Generation of Weak Initialization Vector (IV)

Upgrade the hwi/oauth-bundle library to a patch version.

Jun 3, 2025

AIKIDO-2025-10343

Our intel, your security

Open-source

Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get Access

Get protected by Aikido- it's free.

Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido’s all-in-one security platform.

Get Secure

Secure everything you build, host and run with Aikido

Get Secure

🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium

🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium

🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US

Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.

The Intel vulnerability and malware feed is licensed under a dual license.