Aikido Intel- Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities

malware

Sort on Date

NO CVE

Medium Risk

cadwyn is vulnerable to Cross-site Scripting (XSS)

Upgrade the cadwyn library to a patch version.

Jul 7, 2025

AIKIDO-2025-10443

NO CVE

Medium Risk

@orpc/openapi-client is vulnerable to Memory Allocation with Excessive Size Value

Upgrade the @orpc/openapi-client library to a patch version.

Jul 7, 2025

AIKIDO-2025-10442

NO CVE

High Risk

pdf2html is vulnerable to Path Traversal

Upgrade the pdf2html library to a patch version.

Jul 7, 2025

AIKIDO-2025-10441

NO CVE

High Risk

pdf2html is vulnerable to Cross-site Scripting (XSS)

Upgrade the pdf2html library to a patch version.

Jul 7, 2025

AIKIDO-2025-10440

CVE-2025-37730

Medium Risk

logstash-output-tcp is vulnerable to Improper Certificate Validation

Upgrade the logstash-output-tcp library to the patch version.

Jul 7, 2025

AIKIDO-2025-10439

CVE-2024-46992

High Risk

Electron is vulnerable to ASAR Integrity Bypass By Just Modifying The Content

Upgrade the Electron library to the patch version.

Jul 7, 2025

AIKIDO-2025-10438

CVE-2024-46993

Medium Risk

Electron is vulnerable to Heap-based Buffer Overflow

Upgrade the Electron library to the patch version.

Jul 7, 2025

AIKIDO-2025-10437

CVE-2025-48997

High Risk

Multer is vulnerable to Uncaught Exception

Upgrade the Multer library to the patch version.

Jul 7, 2025

AIKIDO-2025-10436

CVE-2025-47944

High Risk

Multer is vulnerable to Uncaught Exception

Upgrade the Multer library to the patch version.

Jul 4, 2025

AIKIDO-2025-10435

NO CVE

High Risk

mariadb is vulnerable to Improper Certificate Validation

Upgrade the mariadb library to the patch version.

Jul 3, 2025

AIKIDO-2025-10434

NO CVE

High Risk

utopia-php/framework is vulnerable to Remote Code Execution (RCE)

Upgrade the utopia-php/framework library to the patch version.

Jul 3, 2025

AIKIDO-2025-10433

NO CVE

Medium Risk

github.com/cloudwego/hertz is vulnerable to Denial of service (DoS)

Upgrade the github.com/cloudwego/hertz library to the patch version.

Jul 2, 2025

AIKIDO-2025-10432

NO CVE

High Risk

github.com/cilium/cilium-cli is vulnerable to Zip Slip

Upgrade github.com/cilium/cilium-cli to the patch version.

Jul 2, 2025

AIKIDO-2025-10431

NO CVE

Medium Risk

pdfjs is vulnerable to Infinite Loop

Upgrade the pdfjs library to the patch version.

Jul 2, 2025

AIKIDO-2025-10430

NO CVE

Low Risk

linzer is vulnerable to Improper Verification of Cryptographic Signature

Upgrade the linzer library to the patch version.

Jul 2, 2025

AIKIDO-2025-10429

NO CVE

Medium Risk

@havesource/cordova-plugin-push is vulnerable to Improper Export of Android Application Components

Upgrade the @havesource/cordova-plugin-push library to the patch version.

Jul 1, 2025

AIKIDO-2025-10428

NO CVE

High Risk

pimcore/admin-ui-classic-bundle is vulnerable to Cross-Site Scripting (XSS)

Upgrade the pimcore/admin-ui-classic-bundle library to the patch version.

Jul 1, 2025

AIKIDO-2025-10427

NO CVE

Medium Risk

govuk-prototype-kit is vulnerable to Open Redirect

Upgrade the govuk-prototype-kit library to the patch version.

Jul 1, 2025

AIKIDO-2025-10426

NO CVE

High Risk

sonic-rs is vulnerable to Use After Free

Upgrade the sonic-rs library to the patch version.

Jul 1, 2025

AIKIDO-2025-10425

NO CVE

Low Risk

repomix is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Upgrade the repomix library to the patch version.

Jun 30, 2025

AIKIDO-2025-10424

NO CVE

Low Risk

github.com/filebrowser/filebrowser/v2 is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version.

Jun 30, 2025

AIKIDO-2025-10423

CVE-2025-0187

Low Risk

gradio is vulnerable to Denial of Service (DoS)

Upgrade the gradio library to the patch version or turn off overflow checking.

Jun 30, 2025

AIKIDO-2025-10422

CVE-2025-6444

Medium Risk

ServiceStack.Text is vulnerable to External Control of File Name or Path

Upgrade the ServiceStack.Text library to the patch version.

Jun 30, 2025

AIKIDO-2025-10421

CVE-2025-6445

Critical

ServiceStack.Text is vulnerable to Unsafe Deserialization

Upgrade the ServiceStack.Text library to the patch version.

Jun 30, 2025

AIKIDO-2025-10420

NO CVE

Medium Risk

googleads/google-ads-php is vulnerable to Exposure of Sensitive Information

Upgrade the googleads/google-ads-php library to a patch version.

Jun 30, 2025

AIKIDO-2025-10419

NO CVE

High Risk

Kanna is vulnerable to Use-After-Free

Upgrade the Kanna library to the patch version.

Jun 27, 2025

AIKIDO-2025-10418

NO CVE

Medium Risk

highlightjs-cshtml-razor is vulnerable to Regular Expression Denial of Service (ReDoS)

Upgrade the highlightjs-cshtml-razor library to the patch version.

Jun 27, 2025

AIKIDO-2025-10417

NO CVE

Medium Risk

ueberdosis/tiptap-php is vulnerable to Cross-site Scripting (XSS)

Upgrade the ueberdosis/tiptap-php library to the patch version.

Jun 27, 2025

AIKIDO-2025-10416

NO CVE

Medium Risk

drupal/simple_sitemap is vulnerable to Cross-site Scripting (XSS)

Upgrade the drupal/simple_sitemap library to a patch version.

Jun 26, 2025

AIKIDO-2025-10415

NO CVE

Low Risk

pydantic-ai-slim is vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer

Upgrade pydantic-ai-slim to the patch version and set include_content=False or make sure no OpenTelemetry events are sent in your production environment.

Jun 26, 2025

AIKIDO-2025-10414

NO CVE

Medium Risk

openai-whisper is vulnerable to Unsafe Deserialization

Upgrade the openai-whisper library to the patch version.

Jun 26, 2025

AIKIDO-2025-10413

NO CVE

Critical

github.com/filebrowser/filebrowser/v2 is vulnerable to Remote Code Execution (RCE)

Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version or disable the command execution feature with --disable-exec=true.

Jun 26, 2025

AIKIDO-2025-10412

NO CVE

Medium Risk

@prismatic-io/prism is vulnerable to Code Injection

Upgrade the @prismatic-io/prism library to the patch version.

Jun 26, 2025

AIKIDO-2025-10411

NO CVE

Low Risk

github.com/datadog/dd-trace-go/contrib/database/sql/v2 is vulnerable to Generation of Error Message Containing Sensitive Information

Upgrade the github.com/datadog/dd-trace-go/contrib/database/sql/v2 library to the patch version.

Jun 25, 2025

AIKIDO-2025-10410

NO CVE

Medium Risk

pocoproject.poco is vulnerable to Integer Overflow

Upgrade the pocoproject.poco library to the patch version.

Jun 25, 2025

AIKIDO-2025-10409

CVE-2024-38449

High Risk

kasmtech.KasmVNC is vulnerable to Path Traversal

Upgrade the kasmtech.KasmVNC library to the patch version.

Jun 25, 2025

AIKIDO-2025-10408

Our intel, your security

Open-source

Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get Access

Get protected by Aikido- it's free.

Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido’s all-in-one security platform.

Get Secure

Secure everything you build, host and run with Aikido

Get Secure

🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium

🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium

🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US

Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.

The Intel vulnerability and malware feed is licensed under a dual license.