Aikido Intel- Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities

malware

Sort on Date

CVE-2025-3260

High Risk

Grafana is vulnerable to Improper Access Control

Upgrade the Grafana library to the patch version.

Apr 25, 2025

AIKIDO-2025-10269

CVE-2025-3454

Medium Risk

Grafana is vulnerable to Authorization Bypass

Upgrade the Grafana library to the patch version.

Apr 25, 2025

AIKIDO-2025-10268

NO CVE

Medium Risk

markdown-to-jsx is vulnerable to Cross-site Scripting (XSS)

Upgrade the markdown-to-jsx library to the patch version.

Apr 25, 2025

AIKIDO-2025-10267

CVE-2025-22234

Medium Risk

spring-security-crypto is vulnerable to Observable Timing Discrepancy

Upgrade the org.springframework.security:spring-security-crypto library to the patch version.

Apr 24, 2025

AIKIDO-2025-10266

NO CVE

High Risk

billboard.js is vulnerable to Prototype Pollution

Upgrade the billboard.js library to the patch version.

Apr 23, 2025

AIKIDO-2025-10265

NO CVE

Medium Risk

@fuels/vm-asm is vulnerable to Heap Inspection

Upgrade the @fuels/vm-asm library to the patch version.

Apr 23, 2025

AIKIDO-2025-10264

NO CVE

Medium Risk

tecnick.com/tcpdf is vulnerable to Path Traversal

Upgrade the tecnick.com/tcpdf library to the patch version.

Apr 22, 2025

AIKIDO-2025-10263

NO CVE

Critical

tecnickcom/tcpdf is vulnerable to Deserialization of Untrusted Data

Upgrade the tecnickcom/tcpdf library to the patch version.

Apr 22, 2025

AIKIDO-2025-10262

CVE-2024-39694

Medium Risk

Ocelot is vulnerable to Open Redirect

Upgrade the Ocelot library to the patch version.

Apr 22, 2025

AIKIDO-2025-10261

NO CVE

Medium Risk

mailauth is vulnerable to Prototype Pollution

Upgrade the mailauth library to the patch version.

Apr 22, 2025

AIKIDO-2025-10260

CVE-2025-32791

Medium Risk

@backstage/plugin-permission-backend is vulnerable to Exposure of Sensitive Information Due to Incompatible Policies

Upgrade the @backstage/plugin-permission-backend library to the patch version.

Apr 22, 2025

AIKIDO-2025-10259

NO CVE

High Risk

github.com/traefik/traefik/v3 is vulnerable to Path Traversal

Upgrade the github.com/traefik/traefik/v3 library to the patch version.

Apr 22, 2025

AIKIDO-2025-10258

NO CVE

Low Risk

php-fpm is vulnerable to Use-After-Free

Upgrade the php-fpm library to a patch version.

Apr 22, 2025

AIKIDO-2025-10257

NO CVE

Medium Risk

array-init-cursor is vulnerable to Operation on a Resource after Expiration or Release

Upgrade the array-init-cursor library to the patch version.

Apr 22, 2025

AIKIDO-2025-10256

NO CVE

Medium Risk

@pandacss/studio is vulnerable to Prototype Pollution

Upgrade the @pandacss/studio library to the patch version.

Apr 22, 2025

AIKIDO-2025-10255

NO CVE

High Risk

craftcms/cms is vulnerable to Remote Code Execution (RCE)

Upgrade the craftcms/cms library to the patch version.

Apr 22, 2025

AIKIDO-2025-10254

NO CVE

Medium Risk

@milkdown/core is vulnerable to Cross-site Scripting (XSS)

Upgrade the @milkdown/core library to the patch version.

Apr 20, 2025

AIKIDO-2025-10253

NO CVE

Critical

pywb is vulnerable to Path Traversal

Upgrade the pywb library to the patch version.

Apr 18, 2025

AIKIDO-2025-10252

NO CVE

Low Risk

i18next-http-middleware is vulnerable to Cross-site Scripting (XSS)

Upgrade the i18next-http-middleware library to the patch version.

Apr 18, 2025

AIKIDO-2025-10251

NO CVE

Low Risk

i18next-browser-languagedetector is vulnerable to Cross-site Scripting (XSS)

Upgrade the i18next-browser-languagedetector library to the patch version.

Apr 18, 2025

AIKIDO-2025-10250

NO CVE

Low Risk

aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions

Upgrade the aws-cdk-lib library to the patch version.

Apr 18, 2025

AIKIDO-2025-10249

NO CVE

Low Risk

@photo-sphere-viewer/core is vulnerable to Prototype Pollution

Upgrade the @photo-sphere-viewer/core library to the patch version.

Apr 18, 2025

AIKIDO-2025-10248

NO CVE

Medium Risk

gevent is vulnerable to HTTP Request/Response Smuggling

Upgrade the gevent library to the patch version.

Apr 18, 2025

AIKIDO-2025-10247

GHSA-37cp-fgq5-7wc2

Critical

erlang is vulnerable to Authentication Bypass

Upgrade the erlang library to the patch version.

Apr 17, 2025

AIKIDO-2025-10246

NO CVE

High Risk

github.com/traefik/traefik/v2 is vulnerable to Path Traversal

Upgrade the github.com/traefik/traefik/v2 library to the patch version.

Apr 17, 2025

AIKIDO-2025-10245

NO CVE

Low Risk

citeproc-java is vulnerable to Cross-site Scripting (XSS)

Upgrade the de.undercouch:citeproc-java library to the patch version.

Apr 17, 2025

AIKIDO-2025-10244

GHSA-pqhp-25j4-6hq9

Low Risk

smol-toml is vulnerable to Uncontrolled Recursion

Upgrade the smol-toml library to the patch version.

Apr 17, 2025

AIKIDO-2025-10243

NO CVE

Low Risk

putyourlightson/craft-sprig is vulnerable to Cross-site Scripting (XSS)

Upgrade the putyourlightson/craft-sprig library to the patch version.

Apr 17, 2025

AIKIDO-2025-10242

CVE-2024-29195

Medium Risk

Azure.azure-c-shared-utility is vulnerable to Heap Buffer Overflow

Upgrade the Azure.azure-c-shared-utility library to a patch version.

Apr 17, 2025

AIKIDO-2025-10241

NO CVE

Medium Risk

mysql-connector-python is vulnerable to Arbitrary File Read

Upgrade the mysql-connector-python library to the patch version or disable the local_infile option.

Apr 16, 2025

AIKIDO-2025-10240

CVE-2025-29927

High Risk

inference is vulnerable to Improper Authorization

Upgrade the inference library to the patch version.

Apr 15, 2025

AIKIDO-2025-10239

NO CVE

Medium Risk

@webiny/api-file-manager is vulnerable to Improper Input Validation

Upgrade the @webiny/api-file-manager library to the patch version.

Apr 15, 2025

AIKIDO-2025-10238

NO CVE

Low Risk

aioesphomeapi is vulnerable to Authentication Bypass by Spoofing

Upgrade the aioesphomeapi library to the patch version.

Apr 15, 2025

AIKIDO-2025-10237

NO CVE

Medium Risk

@webiny/api-file-manager-s3 is vulnerable to Improper Input Validation

Upgrade the @webiny/api-file-manager-s3 library to the patch version.

Apr 15, 2025

AIKIDO-2025-10236

NO CVE

Medium Risk

silverstripe/cms is vulnerable to Cross-site Scripting (XSS)

Upgrade the silverstripe/cms library to the patch version.

Apr 14, 2025

AIKIDO-2025-10235

NO CVE

High Risk

verbb/formie is vulnerable to Cross-site Scripting (XSS)

Upgrade the verbb/formie library to the patch version.

Apr 14, 2025

AIKIDO-2025-10234

Our intel, your security

Open-source

Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get Access

Get protected by Aikido- it's free.

Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido’s all-in-one security platform.

Get Secure

Secure everything you build, host and run with Aikido

Get Secure

🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium

🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium

🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US

Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.

The Intel vulnerability and malware feed is licensed under a dual license.