Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1207

Malware: 25290

NO CVE
Medium Risk
libyml is vulnerable to Use of Unmaintained Third Party Components
Remove any libyml package from your application. Please take a look at libyaml-safer (https://crates.io/crates/libyaml-safer) instead.
Sep 15, 2025
AIKIDO-2025-10642
NO CVE
Medium Risk
serde_yml is vulnerable to Use of Unmaintained Third Party Components
Remove any serde_yml package from your application. Please take a look at serde_norway (https://crates.io/crates/serde_norway) instead.
Sep 15, 2025
AIKIDO-2025-10641
NO CVE
Medium Risk
sirv is vulnerable to Path Traversal
Upgrade the sirv library to the patch version.
Sep 15, 2025
AIKIDO-2025-10640
NO CVE
Medium Risk
@mastra/mcp-docs-server is vulnerable to Path Traversal
Upgrade the @mastra/mcp-docs-server library to the patch version.
Sep 15, 2025
AIKIDO-2025-10639
NO CVE
Low Risk
github.com/valyala/fasthttp is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Upgrade the github.com/valyala/fasthttp library to the patch version.
Sep 15, 2025
AIKIDO-2025-10638
NO CVE
Medium Risk
react-native-exponea-sdk is vulnerable to Improper Export of Android Application Components
Upgrade the react-native-exponea-sdk library to the patch version.
Sep 11, 2025
AIKIDO-2025-10637
NO CVE
Medium Risk
react-photoswipe-gallery is vulnerable to Cross-site Scripting (XSS)
Upgrade the react-photoswipe-gallery library to the patch version.
Sep 11, 2025
AIKIDO-2025-10636
NO CVE
Low Risk
matrix-sdk-base is vulnerable to Undefined Behavior
Upgrade the matrix-sdk-base library to the patch version or avoid calling RoomMember::normalized_power_level().
Sep 11, 2025
AIKIDO-2025-10635
NO CVE
Low Risk
zapier-platform-core is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the zapier-platform-core library to the patch version.
Sep 11, 2025
AIKIDO-2025-10634
NO CVE
Low Risk
rumqttc is vulnerable to Timing Attacks
Upgrade the rumqttc library to the patch version.
Sep 11, 2025
AIKIDO-2025-10633
CVE-2025-41243
Critical
spring-cloud-gateway-server is vulnerable to Expression Language Injection
Upgrade the org.springframework.cloud:spring-cloud-gateway-server library to a patch version.
Sep 11, 2025
AIKIDO-2025-10632
NO CVE
Low Risk
influx is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the influx library to the patch version.
Sep 11, 2025
AIKIDO-2025-10631
NO CVE
High Risk
Sparkle is vulnerable to Improper Access Control
Upgrade the Sparkle library to the patch version.
Sep 11, 2025
AIKIDO-2025-10630
NO CVE
Low Risk
@zowe/secrets-for-zowe-sdk is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the @zowe/secrets-for-zowe-sdk library to the patch version.
Sep 11, 2025
AIKIDO-2025-10629
NO CVE
Low Risk
astro is vulnerable to Inefficient Regular Expression Complexity
Upgrade the astro library to the patch version.
Sep 11, 2025
AIKIDO-2025-10628
NO CVE
Low Risk
angular-auth-oidc-client is vulnerable to Origin Validation Error
Upgrade the angular-auth-oidc-client library to the patch version.
Sep 10, 2025
AIKIDO-2025-10627
NO CVE
Low Risk
github.com/opencontainers/umoci is vulnerable to Uncontrolled Resource Consumption
Upgrade the github.com/opencontainers/umoci library to the patch version.
Sep 10, 2025
AIKIDO-2025-10626
NO CVE
High Risk
Akavache is vulnerable to Path Traversal
Upgrade the Akavache library to the patch version.
Sep 10, 2025
AIKIDO-2025-10625
CVE-2025-57833
High Risk
django is vulnerable to SQL Injection
Upgrade the django library to the patch version.
Sep 9, 2025
AIKIDO-2025-10624
NO CVE
Critical
pydantic-evals is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Upgrade the pydantic-evals library to the patch version.
Sep 9, 2025
AIKIDO-2025-10623
NO CVE
Medium Risk
toodee is vulnerable to Heap-based Buffer Overflow
Upgrade the toodee library to the patch version.
Sep 9, 2025
AIKIDO-2025-10622
NO CVE
Medium Risk
servo-fontconfig is vulnerable to Use of Unmaintained Third Party Components
Remove any servo-fontconfig package from your application. Please take a look at fontconfig-rs (https://crates.io/crates/fontconfig-rs) instead.
Sep 9, 2025
AIKIDO-2025-10621
NO CVE
Medium Risk
iron is vulnerable to Use of Unmaintained Third Party Components
Remove any iron package from your application. Please take a look at this comparison (https://github.com/flosse/rust-web-framework-comparison#server-frameworks) for popular alternatives.
Sep 9, 2025
AIKIDO-2025-10620
NO CVE
Medium Risk
custom_derive is vulnerable to Use of Unmaintained Third Party Components
Remove any custom_derive package from your application. Please take a look at strum (https://crates.io/crates/strum) or macro-attr (https://crates.io/crates/macro-attr) instead.
Sep 9, 2025
AIKIDO-2025-10619
NO CVE
Medium Risk
adler is vulnerable to Use of Unmaintained Third Party Components
Remove any adler package from your application. Please take a look at adler2 (https://crates.io/crates/adler2) instead.
Sep 9, 2025
AIKIDO-2025-10618
NO CVE
Medium Risk
fxhash is vulnerable to Use of Unmaintained Third Party Components
Remove any fxhash package from your application. Please take a look at rustc-hash (https://github.com/rust-lang/rustc-hash) instead.
Sep 9, 2025
AIKIDO-2025-10617
NO CVE
Low Risk
github.com/buildkite/agent/v3 is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/buildkite/agent/v3 library to the patch version.
Sep 9, 2025
AIKIDO-2025-10616
NO CVE
High Risk
tf-keras is vulnerable to Deserialization of Untrusted Data
Upgrade the tf-keras library to the patch version.
Sep 9, 2025
AIKIDO-2025-10615
NO CVE
Medium Risk
workerd is vulnerable to Use After Free
Upgrade the workerd library to the patch version.
Sep 9, 2025
AIKIDO-2025-10614
NO CVE
Low Risk
botbuilder is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the botbuilder library to the patch version.
Sep 9, 2025
AIKIDO-2025-10613
NO CVE
High Risk
botbuilder-core is vulnerable to Path Traversal
Upgrade the botbuilder-core library to the patch version.
Sep 9, 2025
AIKIDO-2025-10612
NO CVE
High Risk
pinterest-api-sdk is vulnerable to Deserialization of Untrusted Data
Upgrade the pinterest-api-sdk library to the patch version.
Sep 9, 2025
AIKIDO-2025-10611
NO CVE
Low Risk
slatedb is vulnerable to Integer Overflow
Upgrade the slatedb library to the patch version.
Sep 9, 2025
AIKIDO-2025-10610
NO CVE
Medium Risk
@mastra/mcp-docs-server is vulnerable to Path Traversal
Upgrade the @mastra/mcp-docs-server library to the patch version.
Sep 9, 2025
AIKIDO-2025-10609
NO CVE
Medium Risk
text-to-image is vulnerable to Inefficient Regular Expression Complexity
Upgrade the text-to-image library to the patch version.
Sep 9, 2025
AIKIDO-2025-10608
NO CVE
High Risk
browser-use is vulnerable to Authorization Bypass Through User-Controlled Key
Upgrade the browser-use library to the patch version or explicitly set disable_security to False.
Sep 9, 2025
AIKIDO-2025-10607

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.