Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities: 929

malware: 13998

NO CVE
High Risk
github.com/cosmwasm/wasmd is vulnerable to Improper Check or Handling of Exceptional Conditions
Upgrade the github.com/cosmwasm/wasmd library to the patch version.
Jun 10, 2025
AIKIDO-2025-10362
NO CVE
High Risk
kyon147/laravel-shopify is vulnerable to Information Disclosure
Upgrade the kyon147/laravel-shopify library to the patch version.
Jun 10, 2025
AIKIDO-2025-10361
NO CVE
Low Risk
drf-standardized-errors is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the drf-standardized-errors library to the patch version.
Jun 10, 2025
AIKIDO-2025-10360
NO CVE
High Risk
github.com/gogs/gogs is vulnerable to Path Traversal
Upgrade the github.com/gogs/gogs library to the patch version.
Jun 10, 2025
AIKIDO-2025-10359
NO CVE
Low Risk
ip-num is vulnerable to Uncaught Exception
Upgrade the ip-num library to the patch version.
Jun 10, 2025
AIKIDO-2025-10358
NO CVE
Medium Risk
@cloudflare/workerd-darwin-64 is vulnerable to Use after free
Upgrade the @cloudflare library to the patch version.
Jun 9, 2025
AIKIDO-2025-10357
CVE-2024-8008
Medium Risk
org.wso2.carbon.identity.user.store.configuration.ui is vulnerable to Cross-site Scripting (XSS)
Upgrade the org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui library to a patch version.
Jun 9, 2025
AIKIDO-2025-10356
NO CVE
Medium Risk
litellm is vulnerable to SQL Injection
Upgrade the litellm library to the patch version.
Jun 9, 2025
AIKIDO-2025-10355
NO CVE
Medium Risk
spectator-ext-ipcservlet is vulnerable to Improper Input Validation
Upgrade the com.netflix.spectator:spectator-ext-ipcservlet library to the patch version.
Jun 6, 2025
AIKIDO-2025-10354
NO CVE
High Risk
django-guardian is vulnerable to Improper Authorization
Upgrade the django-guardian library to the patch version.
Jun 6, 2025
AIKIDO-2025-10353
CVE-2025-48953
Medium Risk
Umbraco.Cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Upgrade the Umbraco.Cms library to the patch version.
Jun 6, 2025
AIKIDO-2025-10352
NO CVE
Medium Risk
@nextcloud/l10n is vulnerable to Prototype Pollution
Upgrade the @nextcloud/l10n library to the patch version.
Jun 6, 2025
AIKIDO-2025-10351
CVE-2025-5419
High Risk
electron is vulnerable to Out-of-bounds Read
Upgrade the electron library to the patch version.
Jun 6, 2025
AIKIDO-2025-10350
NO CVE
High Risk
ra-data-local-storage is vulnerable to Prototype Pollution
Upgrade the ra-data-local-storage library to a patch version.
Jun 4, 2025
AIKIDO-2025-10349
NO CVE
Low Risk
vyper is vulnerable to Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Upgrade the vyper library to the patch version.
Jun 4, 2025
AIKIDO-2025-10348
NO CVE
High Risk
SharpCompress is vulnerable to Out-of-Bounds Read
Upgrade the SharpCompress library to the patch version.
Jun 4, 2025
AIKIDO-2025-10347
NO CVE
High Risk
n8n-nodes-base is vulnerable to Prototype Pollution
Upgrade the n8n-nodes-base library to the patch version.
Jun 3, 2025
AIKIDO-2025-10346
NO CVE
Medium Risk
haystack-ai is vulnerable to Regular Expression Denial-of-service (ReDoS)
Upgrade the haystack-ai library to the patch version.
Jun 3, 2025
AIKIDO-2025-10345
NO CVE
Low Risk
@metamask/assets-controllers is vulnerable to Client-Side Injection Attacks
Upgrade the @metamask/assets-controllers library to the patch version.
Jun 3, 2025
AIKIDO-2025-10344
NO CVE
Low Risk
hwi/oauth-bundle is vulnerable to Generation of Weak Initialization Vector (IV)
Upgrade the hwi/oauth-bundle library to a patch version.
Jun 3, 2025
AIKIDO-2025-10343
NO CVE
Medium Risk
arrow2 is vulnerable to Use of Unmaintained Third Party Components
Remove any arrow2 package from your application. Please take a look at arrow (https://crates.io/crates/arrow) instead.
Jun 3, 2025
AIKIDO-2025-10342
NO CVE
Low Risk
fast-mcp is vulnerable to Race Condition
Upgrade the fast-mcp library to the patch version.
Jun 3, 2025
AIKIDO-2025-10341
CVE-2025-4609
Medium Risk
electron is vulnerable to Insufficient policy enforcement
Upgrade the electron library to the patch version.
May 30, 2025
AIKIDO-2025-10340
NO CVE
Medium Risk
llama-index-core is vulnerable to Uncontrolled Resource Consumption
Upgrade the llama-index-core library to the patch version.
May 30, 2025
AIKIDO-2025-10339
CVE-2025-4664
Medium Risk
electron is vulnerable to Insufficient policy enforcement
Upgrade the electron library to the patch version.
May 30, 2025
AIKIDO-2025-10338
NO CVE
Low Risk
python-jose is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the python-jose library to a patch version.
May 30, 2025
AIKIDO-2025-10337
NO CVE
Medium Risk
litellm is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the litellm library to the patch version.
May 30, 2025
AIKIDO-2025-10336
NO CVE
Low Risk
@keycloak/keycloak-admin-client is vulnerable to Improper Authentication
Upgrade the @keycloak/keycloak-admin-client library to the patch version.
May 30, 2025
AIKIDO-2025-10335
NO CVE
Low Risk
chrome-php/chrome is vulnerable to CSS injection
Upgrade the chrome-php/chrome library to the patch version.
May 30, 2025
AIKIDO-2025-10334
NO CVE
Low Risk
github.com/fluxcd/kustomize-controller is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the github.com/fluxcd/kustomize-controller library to the patch version.
May 30, 2025
AIKIDO-2025-10333
NO CVE
Low Risk
clevertap-web-sdk is vulnerable to Permissive Cross-domain Policy with Untrusted Domains
Upgrade the clevertap-web-sdk library to the patch version.
May 29, 2025
AIKIDO-2025-10332
NO CVE
Low Risk
CleverTap-iOS-SDK is vulnerable to Inadequate Encryption Strength
Upgrade the CleverTap-iOS-SDK library to the patch version.
May 29, 2025
AIKIDO-2025-10331
NO CVE
Medium Risk
goblin is vulnerable to Integer Overflow
Upgrade the goblin library to the patch version.
May 29, 2025
AIKIDO-2025-10330
NO CVE
Low Risk
joserfc is vulnerable to Authentication Bypass by Spoofing
Upgrade the joserfc library to the patch version.
May 29, 2025
AIKIDO-2025-10329
NO CVE
Low Risk
slack-ruby-client is vulnerable to Observable Timing Discrepancy
Upgrade the slack-ruby-client library to the patch version.
May 29, 2025
AIKIDO-2025-10328
NO CVE
Medium Risk
@effect/platform is vulnerable to Cross-site Scripting (XSS)
Upgrade the @effect/platform library to the patch version.
May 29, 2025
AIKIDO-2025-10327

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.