Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 995

Malware: 16011

NO CVE
Medium Risk
@havesource/cordova-plugin-push is vulnerable to Improper Export of Android Application Components
Upgrade the @havesource/cordova-plugin-push library to the patch version.
Jul 1, 2025
AIKIDO-2025-10428
NO CVE
High Risk
pimcore/admin-ui-classic-bundle is vulnerable to Cross-Site Scripting (XSS)
Upgrade the pimcore/admin-ui-classic-bundle library to the patch version.
Jul 1, 2025
AIKIDO-2025-10427
NO CVE
Medium Risk
govuk-prototype-kit is vulnerable to Open Redirect
Upgrade the govuk-prototype-kit library to the patch version.
Jul 1, 2025
AIKIDO-2025-10426
NO CVE
High Risk
sonic-rs is vulnerable to Use After Free
Upgrade the sonic-rs library to the patch version.
Jul 1, 2025
AIKIDO-2025-10425
NO CVE
Low Risk
repomix is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the repomix library to the patch version.
Jun 30, 2025
AIKIDO-2025-10424
NO CVE
Low Risk
github.com/filebrowser/filebrowser/v2 is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version.
Jun 30, 2025
AIKIDO-2025-10423
CVE-2025-0187
Low Risk
gradio is vulnerable to Denial of Service (DoS)
Upgrade the gradio library to the patch version or turn off overflow checking.
Jun 30, 2025
AIKIDO-2025-10422
CVE-2025-6444
Medium Risk
ServiceStack.Text is vulnerable to External Control of File Name or Path
Upgrade the ServiceStack.Text library to the patch version.
Jun 30, 2025
AIKIDO-2025-10421
CVE-2025-6445
Critical
ServiceStack.Text is vulnerable to Unsafe Deserialization
Upgrade the ServiceStack.Text library to the patch version.
Jun 30, 2025
AIKIDO-2025-10420
NO CVE
Medium Risk
googleads/google-ads-php is vulnerable to Exposure of Sensitive Information
Upgrade the googleads/google-ads-php library to a patch version.
Jun 30, 2025
AIKIDO-2025-10419
NO CVE
High Risk
Kanna is vulnerable to Use-After-Free
Upgrade the Kanna library to the patch version.
Jun 27, 2025
AIKIDO-2025-10418
NO CVE
Medium Risk
highlightjs-cshtml-razor is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the highlightjs-cshtml-razor library to the patch version.
Jun 27, 2025
AIKIDO-2025-10417
NO CVE
Medium Risk
ueberdosis/tiptap-php is vulnerable to Cross-site Scripting (XSS)
Upgrade the ueberdosis/tiptap-php library to the patch version.
Jun 27, 2025
AIKIDO-2025-10416
NO CVE
Medium Risk
drupal/simple_sitemap is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/simple_sitemap library to a patch version.
Jun 26, 2025
AIKIDO-2025-10415
NO CVE
Low Risk
pydantic-ai-slim is vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer
Upgrade pydantic-ai-slim to the patch version and set include_content=False or make sure no OpenTelemetry events are sent in your production environment.
Jun 26, 2025
AIKIDO-2025-10414
NO CVE
Medium Risk
openai-whisper is vulnerable to Unsafe Deserialization
Upgrade the openai-whisper library to the patch version.
Jun 26, 2025
AIKIDO-2025-10413
NO CVE
Critical
github.com/filebrowser/filebrowser/v2 is vulnerable to Remote Code Execution (RCE)
Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version or disable the command execution feature with --disable-exec=true.
Jun 26, 2025
AIKIDO-2025-10412
NO CVE
Medium Risk
@prismatic-io/prism is vulnerable to Code Injection
Upgrade the @prismatic-io/prism library to the patch version.
Jun 26, 2025
AIKIDO-2025-10411
NO CVE
Low Risk
github.com/datadog/dd-trace-go/contrib/database/sql/v2 is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the github.com/datadog/dd-trace-go/contrib/database/sql/v2 library to the patch version.
Jun 25, 2025
AIKIDO-2025-10410
NO CVE
Medium Risk
pocoproject.poco is vulnerable to Integer Overflow
Upgrade the pocoproject.poco library to the patch version.
Jun 25, 2025
AIKIDO-2025-10409
CVE-2024-38449
High Risk
kasmtech.KasmVNC is vulnerable to Path Traversal
Upgrade the kasmtech.KasmVNC library to the patch version.
Jun 25, 2025
AIKIDO-2025-10408
CVE-2024-5197
Medium Risk
webmproject.libvpx is vulnerable to Integer Overflow
Upgrade the webmproject.libvpx library to the patch version.
Jun 24, 2025
AIKIDO-2025-10407
CVE-2025-24855
High Risk
GNOME.libxslt is vulnerable to Use-After-Free
Upgrade the GNOME.libxslt library to the patch version.
Jun 24, 2025
AIKIDO-2025-10406
NO CVE
Low Risk
cvxpy.cvxpy is vulnerable to Integer Overflow
Upgrade the cvxpy.cvxpy library to the patch version.
Jun 24, 2025
AIKIDO-2025-10405
CVE-2024-5594
Low Risk
OpenVPN.openvpn is vulnerable to Improper Validation of Specified Type of Input
Upgrade the OpenVPN.openvpn library to the patch version.
Jun 24, 2025
AIKIDO-2025-10404
CVE-2025-2704
Low Risk
OpenVPN.openvpn is vulnerable to Improper Check for Unusual or Exceptional Conditions
Upgrade the OpenVPN.openvpn library to the patch version.
Jun 24, 2025
AIKIDO-2025-10403
NO CVE
Low Risk
mongodb.libmongocrypt is vulnerable to Double Free
Upgrade the mongodb.libmongocrypt library to the patch version.
Jun 24, 2025
AIKIDO-2025-10402
NO CVE
Medium Risk
jsoup is vulnerable to Cross-site Scripting (XSS)
Upgrade the org.jsoup:jsoup library to the patch version.
Jun 24, 2025
AIKIDO-2025-10401
NO CVE
Low Risk
github.com/getsentry/sentry-go is vulnerable to Exposure of Sensitive Information
Upgrade the github.com/getsentry/sentry-go library to a patch version.
Jun 24, 2025
AIKIDO-2025-10400
NO CVE
Low Risk
jwt is vulnerable to Insufficient Verification of Data Authenticity
Upgrade the jwt library to the patch version.
Jun 24, 2025
AIKIDO-2025-10399
CVE-2025-50181
Medium Risk
urllib3-future is vulnerable to URL Redirection to Untrusted Site ('Open Redirect')
Upgrade the urllib3-future library to the patch version.
Jun 23, 2025
AIKIDO-2025-10398
CVE-2025-34510
Critical
Sitecore.Client is vulnerable to Zip Slip
Upgrade Sitecore.Client to the patch version.
Jun 23, 2025
AIKIDO-2025-10397
NO CVE
Medium Risk
solid_cable is vulnerable to Race Condition
Upgrade the solid_cable library to the patch version.
Jun 23, 2025
AIKIDO-2025-10396
NO CVE
Low Risk
zotonic_stdlib is vulnerable to Cross-site Scripting (XSS)
Upgrade the zotonic_stdlib library to the patch version.
Jun 23, 2025
AIKIDO-2025-10395
NO CVE
Medium Risk
datamodel-code-generator is vulnerable to Code Injection
Upgrade the datamodel-code-generator library to the patch version.
Jun 23, 2025
AIKIDO-2025-10394
CVE-2022-36943
Critical
SSZipArchive is vulnerable to Path Traversal
Upgrade the SSZipArchive library to the patch version.
Jun 23, 2025
AIKIDO-2025-10393

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.