Aikido Intel- Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities

malware

Sort on Date

CVE-2025-3900

Medium Risk

drupal/colorbox is vulnerable to Cross-site Scripting (XSS)

Upgrade the drupal/colorbox library to the patch version.

Jul 18, 2025

AIKIDO-2025-10478

CVE-2025-3907

Medium Risk

drupal/search_api_solr is vulnerable to Cross-Site Request Forgery (CSRF)

Upgrade the drupal/search_api_solr library to the patch version.

Jul 18, 2025

AIKIDO-2025-10477

NO CVE

Low Risk

supabase is vulnerable to Use of Weak Credentials

Upgrade the supabase library to the patch version.

Jul 18, 2025

AIKIDO-2025-10476

CVE-2025-48009

Medium Risk

drupal/single_content_sync is vulnerable to Missing Authorization

Upgrade the drupal/single_content_sync library to the patch version.

Jul 17, 2025

AIKIDO-2025-10475

CVE-2025-48917

Medium Risk

drupal/eu_cookie_compliance is vulnerable to Cross Site Scripting (XSS)

Upgrade the drupal/eu_cookie_compliance library to the patch version.

Jul 17, 2025

AIKIDO-2025-10473

CVE-2025-48923

Medium Risk

drupal/toc_js is vulnerable to Cross Site Scripting (XSS)

Upgrade the drupal/toc_js library to the patch version.

Jul 17, 2025

AIKIDO-2025-10472

CVE-2025-6677

Medium Risk

drupal/paragraphs_table is vulnerable to Cross Site Scripting (XSS)

Upgrade the drupal/paragraphs_table library to the patch version.

Jul 17, 2025

AIKIDO-2025-10471

CVE-2025-7716

Medium Risk

drupal/yoast_seo is vulnerable to Cross-site Scripting (XSS)

Upgrade the drupal/yoast_seo library to the patch version.

Jul 17, 2025

AIKIDO-2025-10470

CVE-2025-7030

Medium Risk

drupal/tfa is vulnerable to Improper Privilege Management

Upgrade the drupal/tfa library to the patch version.

Jul 17, 2025

AIKIDO-2025-10469

NO CVE

Low Risk

github.com/containers/storage is vulnerable to Memory Leak

Upgrade the github.com/containers/storage library to the patch version.

Jul 16, 2025

AIKIDO-2025-10468

NO CVE

Medium Risk

codeigniter4/shield is vulnerable to Cross-site Scripting (XSS)

Upgrade the codeigniter4/shield library to the patch version.

Jul 16, 2025

AIKIDO-2025-10467

NO CVE

High Risk

OfX is vulnerable to Missing Encryption of Sensitive Data

Upgrade the OfX library to the patch version.

Jul 16, 2025

AIKIDO-2025-10466

NO CVE

Low Risk

github.com/athenZ/Athenz is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Upgrade the github.com/athenZ/Athenz library to the patch version.

Jul 15, 2025

AIKIDO-2025-10465

NO CVE

Low Risk

@polkadot/apps-config is vulnerable to Cross-site Scripting (XSS)

Upgrade the @polkadot/apps-config library to a patch version.

Jul 15, 2025

AIKIDO-2025-10464

NO CVE

Medium Risk

@cosmjs/faucet-client is vulnerable to Regular Expression Denial of Service (ReDoS)

Upgrade the @cosmjs/faucet-client library to the patch version.

Jul 15, 2025

AIKIDO-2025-10463

NO CVE

Low Risk

zenml is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Upgrade the zenml library to the patch version.

Jul 15, 2025

AIKIDO-2025-10462

NO CVE

Medium Risk

frappe-js-sdk is vulnerable to Cross-Site Request Forgery (CSRF)

Upgrade the frappe-js-sdk library to the patch version.

Jul 15, 2025

AIKIDO-2025-10461

NO CVE

High Risk

petl is vulnerable to Improper Control of Generation of Code ('Code Injection')

Upgrade the petl library to the patch version.

Jul 15, 2025

AIKIDO-2025-10460

NO CVE

Medium Risk

@modelcontextprotocol/sdk is vulnerable to Insufficient Session Expiration

Upgrade the @modelcontextprotocol/sdk library to the patch version.

Jul 15, 2025

AIKIDO-2025-10459

NO CVE

High Risk

csv-stringify is vulnerable to Improper Neutralization of Formula Elements in a CSV File

Upgrade the csv-stringify library to the patch version.

Jul 15, 2025

AIKIDO-2025-10458

NO CVE

Medium Risk

clearml is vulnerable to Improper Link Resolution Before File Access ('Link Following')

Upgrade the clearml library to the patch version.

Jul 11, 2025

AIKIDO-2025-10457

NO CVE

High Risk

typeson is vulnerable to Prototype Pollution

Upgrade the typeson library to the patch version.

Jul 10, 2025

AIKIDO-2025-10456

NO CVE

High Risk

@pdfme/common is vulnerable to Prototype Pollution

Upgrade the @pdfme/common library to the patch version.

Jul 10, 2025

AIKIDO-2025-10455

NO CVE

High Risk

gltf-pipeline is vulnerable to Path Traversal

Upgrade the gltf-pipeline library to the patch version.

Jul 10, 2025

AIKIDO-2025-10454

CVE-2025-7393

Critical

drupal/mail_login is vulnerable to Improper Restriction of Excessive Authentication Attempts

Upgrade the drupal/mail_login library to the patch version.

Jul 10, 2025

AIKIDO-2025-10453

NO CVE

Medium Risk

@liveblocks/core is vulnerable to Cross-site Scripting (XSS)

Upgrade the @liveblocks/core library to the patch version.

Jul 10, 2025

AIKIDO-2025-10451

NO CVE

Low Risk

@cubejs-backend/cubesql is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Upgrade the @cubejs-backend/cubesql library to the patch version.

Jul 10, 2025

AIKIDO-2025-10450

NO CVE

Medium Risk

deno is vulnerable to Out-of-bounds Read

Upgrade the deno library to a patch version.

Jul 9, 2025

AIKIDO-2025-10449

NO CVE

Low Risk

github.com/grafana/synthetic-monitoring-agent is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Upgrade the github.com/grafana/synthetic-monitoring-agent library to a patch version.

Jul 9, 2025

AIKIDO-2025-10448

NO CVE

Critical

PraisonAI is vulnerable to Remote Code Execution (RCE)

Upgrade the PraisonAI library to the patch version.

Jul 8, 2025

AIKIDO-2025-10447

NO CVE

Low Risk

craftcms/cms is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Upgrade the craftcms/cms library to a patch version.

Jul 8, 2025

AIKIDO-2025-10446

NO CVE

Medium Risk

craftcms/cms is vulnerable to Remote Code Execution (RCE)

Upgrade the craftcms/cms library to a patch version.

Jul 8, 2025

AIKIDO-2025-10445

NO CVE

Medium Risk

prism-php/prism is vulnerable to Incorrect Permission Assignment for Critical Resource

Upgrade the prism-php/prism library to a patch version or set PRISM_SERVER_ENABLED config to false.

Jul 8, 2025

AIKIDO-2025-10444

NO CVE

Medium Risk

cadwyn is vulnerable to Cross-site Scripting (XSS)

Upgrade the cadwyn library to a patch version.

Jul 7, 2025

AIKIDO-2025-10443

NO CVE

Medium Risk

@orpc/openapi-client is vulnerable to Memory Allocation with Excessive Size Value

Upgrade the @orpc/openapi-client library to a patch version.

Jul 7, 2025

AIKIDO-2025-10442

NO CVE

High Risk

pdf2html is vulnerable to Path Traversal

Upgrade the pdf2html library to a patch version.

Jul 7, 2025

AIKIDO-2025-10441

Our intel, your security

Open-source

Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get Access

Get protected by Aikido- it's free.

Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido’s all-in-one security platform.

Get Secure

Secure everything you build, host and run with Aikido

Get Secure

🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium

🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium

🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US

Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.

The Intel vulnerability and malware feed is licensed under a dual license.