Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities: 838

malware: 8827

CVE-2025-3260
High Risk
Grafana is vulnerable to Improper Access Control
Upgrade the Grafana library to the patch version.
Apr 25, 2025
AIKIDO-2025-10269
CVE-2025-3454
Medium Risk
Grafana is vulnerable to Authorization Bypass
Upgrade the Grafana library to the patch version.
Apr 25, 2025
AIKIDO-2025-10268
NO CVE
Medium Risk
markdown-to-jsx is vulnerable to Cross-site Scripting (XSS)
Upgrade the markdown-to-jsx library to the patch version.
Apr 25, 2025
AIKIDO-2025-10267
CVE-2025-22234
Medium Risk
spring-security-crypto is vulnerable to Observable Timing Discrepancy
Upgrade the org.springframework.security:spring-security-crypto library to the patch version.
Apr 24, 2025
AIKIDO-2025-10266
NO CVE
High Risk
billboard.js is vulnerable to Prototype Pollution
Upgrade the billboard.js library to the patch version.
Apr 23, 2025
AIKIDO-2025-10265
NO CVE
Medium Risk
@fuels/vm-asm is vulnerable to Heap Inspection
Upgrade the @fuels/vm-asm library to the patch version.
Apr 23, 2025
AIKIDO-2025-10264
NO CVE
Medium Risk
tecnick.com/tcpdf is vulnerable to Path Traversal
Upgrade the tecnick.com/tcpdf library to the patch version.
Apr 22, 2025
AIKIDO-2025-10263
NO CVE
Critical
tecnickcom/tcpdf is vulnerable to Deserialization of Untrusted Data
Upgrade the tecnickcom/tcpdf library to the patch version.
Apr 22, 2025
AIKIDO-2025-10262
CVE-2024-39694
Medium Risk
Ocelot is vulnerable to Open Redirect
Upgrade the Ocelot library to the patch version.
Apr 22, 2025
AIKIDO-2025-10261
NO CVE
Medium Risk
mailauth is vulnerable to Prototype Pollution
Upgrade the mailauth library to the patch version.
Apr 22, 2025
AIKIDO-2025-10260
CVE-2025-32791
Medium Risk
@backstage/plugin-permission-backend is vulnerable to Exposure of Sensitive Information Due to Incompatible Policies
Upgrade the @backstage/plugin-permission-backend library to the patch version.
Apr 22, 2025
AIKIDO-2025-10259
NO CVE
High Risk
github.com/traefik/traefik/v3 is vulnerable to Path Traversal
Upgrade the github.com/traefik/traefik/v3 library to the patch version.
Apr 22, 2025
AIKIDO-2025-10258
NO CVE
Low Risk
php-fpm is vulnerable to Use-After-Free
Upgrade the php-fpm library to a patch version.
Apr 22, 2025
AIKIDO-2025-10257
NO CVE
Medium Risk
array-init-cursor is vulnerable to Operation on a Resource after Expiration or Release
Upgrade the array-init-cursor library to the patch version.
Apr 22, 2025
AIKIDO-2025-10256
NO CVE
Medium Risk
@pandacss/studio is vulnerable to Prototype Pollution
Upgrade the @pandacss/studio library to the patch version.
Apr 22, 2025
AIKIDO-2025-10255
NO CVE
High Risk
craftcms/cms is vulnerable to Remote Code Execution (RCE)
Upgrade the craftcms/cms library to the patch version.
Apr 22, 2025
AIKIDO-2025-10254
NO CVE
Medium Risk
@milkdown/core is vulnerable to Cross-site Scripting (XSS)
Upgrade the @milkdown/core library to the patch version.
Apr 20, 2025
AIKIDO-2025-10253
NO CVE
Critical
pywb is vulnerable to Path Traversal
Upgrade the pywb library to the patch version.
Apr 18, 2025
AIKIDO-2025-10252
NO CVE
Low Risk
i18next-http-middleware is vulnerable to Cross-site Scripting (XSS)
Upgrade the i18next-http-middleware library to the patch version.
Apr 18, 2025
AIKIDO-2025-10251
NO CVE
Low Risk
i18next-browser-languagedetector is vulnerable to Cross-site Scripting (XSS)
Upgrade the i18next-browser-languagedetector library to the patch version.
Apr 18, 2025
AIKIDO-2025-10250
NO CVE
Low Risk
aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions
Upgrade the aws-cdk-lib library to the patch version.
Apr 18, 2025
AIKIDO-2025-10249
NO CVE
Low Risk
@photo-sphere-viewer/core is vulnerable to Prototype Pollution
Upgrade the @photo-sphere-viewer/core library to the patch version.
Apr 18, 2025
AIKIDO-2025-10248
NO CVE
Medium Risk
gevent is vulnerable to HTTP Request/Response Smuggling
Upgrade the gevent library to the patch version.
Apr 18, 2025
AIKIDO-2025-10247
GHSA-37cp-fgq5-7wc2
Critical
erlang is vulnerable to Authentication Bypass
Upgrade the erlang library to the patch version.
Apr 17, 2025
AIKIDO-2025-10246
NO CVE
High Risk
github.com/traefik/traefik/v2 is vulnerable to Path Traversal
Upgrade the github.com/traefik/traefik/v2 library to the patch version.
Apr 17, 2025
AIKIDO-2025-10245
NO CVE
Low Risk
citeproc-java is vulnerable to Cross-site Scripting (XSS)
Upgrade the de.undercouch:citeproc-java library to the patch version.
Apr 17, 2025
AIKIDO-2025-10244
GHSA-pqhp-25j4-6hq9
Low Risk
smol-toml is vulnerable to Uncontrolled Recursion
Upgrade the smol-toml library to the patch version.
Apr 17, 2025
AIKIDO-2025-10243
NO CVE
Low Risk
putyourlightson/craft-sprig is vulnerable to Cross-site Scripting (XSS)
Upgrade the putyourlightson/craft-sprig library to the patch version.
Apr 17, 2025
AIKIDO-2025-10242
CVE-2024-29195
Medium Risk
Azure.azure-c-shared-utility is vulnerable to Heap Buffer Overflow
Upgrade the Azure.azure-c-shared-utility library to a patch version.
Apr 17, 2025
AIKIDO-2025-10241
NO CVE
Medium Risk
mysql-connector-python is vulnerable to Arbitrary File Read
Upgrade the mysql-connector-python library to the patch version or disable the local_infile option.
Apr 16, 2025
AIKIDO-2025-10240
CVE-2025-29927
High Risk
inference is vulnerable to Improper Authorization
Upgrade the inference library to the patch version.
Apr 15, 2025
AIKIDO-2025-10239
NO CVE
Medium Risk
@webiny/api-file-manager is vulnerable to Improper Input Validation
Upgrade the @webiny/api-file-manager library to the patch version.
Apr 15, 2025
AIKIDO-2025-10238
NO CVE
Low Risk
aioesphomeapi is vulnerable to Authentication Bypass by Spoofing
Upgrade the aioesphomeapi library to the patch version.
Apr 15, 2025
AIKIDO-2025-10237
NO CVE
Medium Risk
@webiny/api-file-manager-s3 is vulnerable to Improper Input Validation
Upgrade the @webiny/api-file-manager-s3 library to the patch version.
Apr 15, 2025
AIKIDO-2025-10236
NO CVE
Medium Risk
silverstripe/cms is vulnerable to Cross-site Scripting (XSS)
Upgrade the silverstripe/cms library to the patch version.
Apr 14, 2025
AIKIDO-2025-10235
NO CVE
High Risk
verbb/formie is vulnerable to Cross-site Scripting (XSS)
Upgrade the verbb/formie library to the patch version.
Apr 14, 2025
AIKIDO-2025-10234

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.