Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities: 1010

malware: 17021

NO CVE
Medium Risk
cadwyn is vulnerable to Cross-site Scripting (XSS)
Upgrade the cadwyn library to a patch version.
Jul 7, 2025
AIKIDO-2025-10443
NO CVE
Medium Risk
@orpc/openapi-client is vulnerable to Memory Allocation with Excessive Size Value
Upgrade the @orpc/openapi-client library to a patch version.
Jul 7, 2025
AIKIDO-2025-10442
NO CVE
High Risk
pdf2html is vulnerable to Path Traversal
Upgrade the pdf2html library to a patch version.
Jul 7, 2025
AIKIDO-2025-10441
NO CVE
High Risk
pdf2html is vulnerable to Cross-site Scripting (XSS)
Upgrade the pdf2html library to a patch version.
Jul 7, 2025
AIKIDO-2025-10440
CVE-2025-37730
Medium Risk
logstash-output-tcp is vulnerable to Improper Certificate Validation
Upgrade the logstash-output-tcp library to the patch version.
Jul 7, 2025
AIKIDO-2025-10439
CVE-2024-46992
High Risk
Electron is vulnerable to ASAR Integrity Bypass By Just Modifying The Content
Upgrade the Electron library to the patch version.
Jul 7, 2025
AIKIDO-2025-10438
CVE-2024-46993
Medium Risk
Electron is vulnerable to Heap-based Buffer Overflow
Upgrade the Electron library to the patch version.
Jul 7, 2025
AIKIDO-2025-10437
CVE-2025-48997
High Risk
Multer is vulnerable to Uncaught Exception
Upgrade the Multer library to the patch version.
Jul 7, 2025
AIKIDO-2025-10436
CVE-2025-47944
High Risk
Multer is vulnerable to Uncaught Exception
Upgrade the Multer library to the patch version.
Jul 4, 2025
AIKIDO-2025-10435
NO CVE
High Risk
mariadb is vulnerable to Improper Certificate Validation
Upgrade the mariadb library to the patch version.
Jul 3, 2025
AIKIDO-2025-10434
NO CVE
High Risk
utopia-php/framework is vulnerable to Remote Code Execution (RCE)
Upgrade the utopia-php/framework library to the patch version.
Jul 3, 2025
AIKIDO-2025-10433
NO CVE
Medium Risk
github.com/cloudwego/hertz is vulnerable to Denial of service (DoS)
Upgrade the github.com/cloudwego/hertz library to the patch version.
Jul 2, 2025
AIKIDO-2025-10432
NO CVE
High Risk
github.com/cilium/cilium-cli is vulnerable to Zip Slip
Upgrade github.com/cilium/cilium-cli to the patch version.
Jul 2, 2025
AIKIDO-2025-10431
NO CVE
Medium Risk
pdfjs is vulnerable to Infinite Loop
Upgrade the pdfjs library to the patch version.
Jul 2, 2025
AIKIDO-2025-10430
NO CVE
Low Risk
linzer is vulnerable to Improper Verification of Cryptographic Signature
Upgrade the linzer library to the patch version.
Jul 2, 2025
AIKIDO-2025-10429
NO CVE
Medium Risk
@havesource/cordova-plugin-push is vulnerable to Improper Export of Android Application Components
Upgrade the @havesource/cordova-plugin-push library to the patch version.
Jul 1, 2025
AIKIDO-2025-10428
NO CVE
High Risk
pimcore/admin-ui-classic-bundle is vulnerable to Cross-Site Scripting (XSS)
Upgrade the pimcore/admin-ui-classic-bundle library to the patch version.
Jul 1, 2025
AIKIDO-2025-10427
NO CVE
Medium Risk
govuk-prototype-kit is vulnerable to Open Redirect
Upgrade the govuk-prototype-kit library to the patch version.
Jul 1, 2025
AIKIDO-2025-10426
NO CVE
High Risk
sonic-rs is vulnerable to Use After Free
Upgrade the sonic-rs library to the patch version.
Jul 1, 2025
AIKIDO-2025-10425
NO CVE
Low Risk
repomix is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the repomix library to the patch version.
Jun 30, 2025
AIKIDO-2025-10424
NO CVE
Low Risk
github.com/filebrowser/filebrowser/v2 is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version.
Jun 30, 2025
AIKIDO-2025-10423
CVE-2025-0187
Low Risk
gradio is vulnerable to Denial of Service (DoS)
Upgrade the gradio library to the patch version or turn off overflow checking.
Jun 30, 2025
AIKIDO-2025-10422
CVE-2025-6444
Medium Risk
ServiceStack.Text is vulnerable to External Control of File Name or Path
Upgrade the ServiceStack.Text library to the patch version.
Jun 30, 2025
AIKIDO-2025-10421
CVE-2025-6445
Critical
ServiceStack.Text is vulnerable to Unsafe Deserialization
Upgrade the ServiceStack.Text library to the patch version.
Jun 30, 2025
AIKIDO-2025-10420
NO CVE
Medium Risk
googleads/google-ads-php is vulnerable to Exposure of Sensitive Information
Upgrade the googleads/google-ads-php library to a patch version.
Jun 30, 2025
AIKIDO-2025-10419
NO CVE
High Risk
Kanna is vulnerable to Use-After-Free
Upgrade the Kanna library to the patch version.
Jun 27, 2025
AIKIDO-2025-10418
NO CVE
Medium Risk
highlightjs-cshtml-razor is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the highlightjs-cshtml-razor library to the patch version.
Jun 27, 2025
AIKIDO-2025-10417
NO CVE
Medium Risk
ueberdosis/tiptap-php is vulnerable to Cross-site Scripting (XSS)
Upgrade the ueberdosis/tiptap-php library to the patch version.
Jun 27, 2025
AIKIDO-2025-10416
NO CVE
Medium Risk
drupal/simple_sitemap is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/simple_sitemap library to a patch version.
Jun 26, 2025
AIKIDO-2025-10415
NO CVE
Low Risk
pydantic-ai-slim is vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer
Upgrade pydantic-ai-slim to the patch version and set include_content=False or make sure no OpenTelemetry events are sent in your production environment.
Jun 26, 2025
AIKIDO-2025-10414
NO CVE
Medium Risk
openai-whisper is vulnerable to Unsafe Deserialization
Upgrade the openai-whisper library to the patch version.
Jun 26, 2025
AIKIDO-2025-10413
NO CVE
Critical
github.com/filebrowser/filebrowser/v2 is vulnerable to Remote Code Execution (RCE)
Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version or disable the command execution feature with --disable-exec=true.
Jun 26, 2025
AIKIDO-2025-10412
NO CVE
Medium Risk
@prismatic-io/prism is vulnerable to Code Injection
Upgrade the @prismatic-io/prism library to the patch version.
Jun 26, 2025
AIKIDO-2025-10411
NO CVE
Low Risk
github.com/datadog/dd-trace-go/contrib/database/sql/v2 is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the github.com/datadog/dd-trace-go/contrib/database/sql/v2 library to the patch version.
Jun 25, 2025
AIKIDO-2025-10410
NO CVE
Medium Risk
pocoproject.poco is vulnerable to Integer Overflow
Upgrade the pocoproject.poco library to the patch version.
Jun 25, 2025
AIKIDO-2025-10409
CVE-2024-38449
High Risk
kasmtech.KasmVNC is vulnerable to Path Traversal
Upgrade the kasmtech.KasmVNC library to the patch version.
Jun 25, 2025
AIKIDO-2025-10408

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.