Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1043

Malware: 18200

CVE-2025-3900
Medium Risk
drupal/colorbox is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/colorbox library to the patch version.
Jul 18, 2025
AIKIDO-2025-10478

CVE-2025-3907
Medium Risk
drupal/search_api_solr is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the drupal/search_api_solr library to the patch version.
Jul 18, 2025
AIKIDO-2025-10477

NO CVE
Low Risk
supabase is vulnerable to Use of Weak Credentials
Upgrade the supabase library to the patch version.
Jul 18, 2025
AIKIDO-2025-10476

CVE-2025-48009
Medium Risk
drupal/single_content_sync is vulnerable to Missing Authorization
Upgrade the drupal/single_content_sync library to the patch version.
Jul 17, 2025
AIKIDO-2025-10475

CVE-2025-48917
Medium Risk
drupal/eu_cookie_compliance is vulnerable to Cross Site Scripting (XSS)
Upgrade the drupal/eu_cookie_compliance library to the patch version.
Jul 17, 2025
AIKIDO-2025-10473

CVE-2025-48923
Medium Risk
drupal/toc_js is vulnerable to Cross Site Scripting (XSS)
Upgrade the drupal/toc_js library to the patch version.
Jul 17, 2025
AIKIDO-2025-10472

CVE-2025-6677
Medium Risk
drupal/paragraphs_table is vulnerable to Cross Site Scripting (XSS)
Upgrade the drupal/paragraphs_table library to the patch version.
Jul 17, 2025
AIKIDO-2025-10471

CVE-2025-7716
Medium Risk
drupal/yoast_seo is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/yoast_seo library to the patch version.
Jul 17, 2025
AIKIDO-2025-10470

CVE-2025-7030
Medium Risk
drupal/tfa is vulnerable to Improper Privilege Management
Upgrade the drupal/tfa library to the patch version.
Jul 17, 2025
AIKIDO-2025-10469

NO CVE
Low Risk
github.com/containers/storage is vulnerable to Memory Leak
Upgrade the github.com/containers/storage library to the patch version.
Jul 16, 2025
AIKIDO-2025-10468

NO CVE
Medium Risk
codeigniter4/shield is vulnerable to Cross-site Scripting (XSS)
Upgrade the codeigniter4/shield library to the patch version.
Jul 16, 2025
AIKIDO-2025-10467

NO CVE
High Risk
OfX is vulnerable to Missing Encryption of Sensitive Data
Upgrade the OfX library to the patch version.
Jul 16, 2025
AIKIDO-2025-10466

NO CVE
Low Risk
github.com/athenZ/Athenz is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/athenZ/Athenz library to the patch version.
Jul 15, 2025
AIKIDO-2025-10465

NO CVE
Low Risk
@polkadot/apps-config is vulnerable to Cross-site Scripting (XSS)
Upgrade the @polkadot/apps-config library to a patch version.
Jul 15, 2025
AIKIDO-2025-10464

NO CVE
Medium Risk
@cosmjs/faucet-client is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the @cosmjs/faucet-client library to the patch version.
Jul 15, 2025
AIKIDO-2025-10463

NO CVE
Low Risk
zenml is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the zenml library to the patch version.
Jul 15, 2025
AIKIDO-2025-10462

NO CVE
Medium Risk
frappe-js-sdk is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the frappe-js-sdk library to the patch version.
Jul 15, 2025
AIKIDO-2025-10461

NO CVE
High Risk
petl is vulnerable to Improper Control of Generation of Code ('Code Injection')
Upgrade the petl library to the patch version.
Jul 15, 2025
AIKIDO-2025-10460

NO CVE
Medium Risk
@modelcontextprotocol/sdk is vulnerable to Insufficient Session Expiration
Upgrade the @modelcontextprotocol/sdk library to the patch version.
Jul 15, 2025
AIKIDO-2025-10459

NO CVE
High Risk
csv-stringify is vulnerable to Improper Neutralization of Formula Elements in a CSV File
Upgrade the csv-stringify library to the patch version.
Jul 15, 2025
AIKIDO-2025-10458

NO CVE
Medium Risk
clearml is vulnerable to Improper Link Resolution Before File Access ('Link Following')
Upgrade the clearml library to the patch version.
Jul 11, 2025
AIKIDO-2025-10457

NO CVE
High Risk
typeson is vulnerable to Prototype Pollution
Upgrade the typeson library to the patch version.
Jul 10, 2025
AIKIDO-2025-10456

NO CVE
High Risk
@pdfme/common is vulnerable to Prototype Pollution
Upgrade the @pdfme/common library to the patch version.
Jul 10, 2025
AIKIDO-2025-10455

NO CVE
High Risk
gltf-pipeline is vulnerable to Path Traversal
Upgrade the gltf-pipeline library to the patch version.
Jul 10, 2025
AIKIDO-2025-10454

CVE-2025-7393
Critical
drupal/mail_login is vulnerable to Improper Restriction of Excessive Authentication Attempts
Upgrade the drupal/mail_login library to the patch version.
Jul 10, 2025
AIKIDO-2025-10453

NO CVE
Medium Risk
@liveblocks/core is vulnerable to Cross-site Scripting (XSS)
Upgrade the @liveblocks/core library to the patch version.
Jul 10, 2025
AIKIDO-2025-10451

NO CVE
Low Risk
@cubejs-backend/cubesql is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the @cubejs-backend/cubesql library to the patch version.
Jul 10, 2025
AIKIDO-2025-10450

NO CVE
Medium Risk
deno is vulnerable to Out-of-bounds Read
Upgrade the deno library to a patch version.
Jul 9, 2025
AIKIDO-2025-10449

NO CVE
Low Risk
github.com/grafana/synthetic-monitoring-agent is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/grafana/synthetic-monitoring-agent library to a patch version.
Jul 9, 2025
AIKIDO-2025-10448

NO CVE
Critical
PraisonAI is vulnerable to Remote Code Execution (RCE)
Upgrade the PraisonAI library to the patch version.
Jul 8, 2025
AIKIDO-2025-10447

NO CVE
Low Risk
craftcms/cms is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the craftcms/cms library to a patch version.
Jul 8, 2025
AIKIDO-2025-10446

NO CVE
Medium Risk
craftcms/cms is vulnerable to Remote Code Execution (RCE)
Upgrade the craftcms/cms library to a patch version.
Jul 8, 2025
AIKIDO-2025-10445

NO CVE
Medium Risk
prism-php/prism is vulnerable to Incorrect Permission Assignment for Critical Resource
Upgrade the prism-php/prism library to a patch version or set PRISM_SERVER_ENABLED config to false.
Jul 8, 2025
AIKIDO-2025-10444

NO CVE
Medium Risk
cadwyn is vulnerable to Cross-site Scripting (XSS)
Upgrade the cadwyn library to a patch version.
Jul 7, 2025
AIKIDO-2025-10443

NO CVE
Medium Risk
@orpc/openapi-client is vulnerable to Memory Allocation with Excessive Size Value
Upgrade the @orpc/openapi-client library to a patch version.
Jul 7, 2025
AIKIDO-2025-10442

NO CVE
High Risk
pdf2html is vulnerable to Path Traversal
Upgrade the pdf2html library to a patch version.
Jul 7, 2025
AIKIDO-2025-10441

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.