Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1031

Malware: 18056

NO CVE
Low Risk
github.com/athenZ/Athenz is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/athenZ/Athenz library to the patch version.
Jul 15, 2025
AIKIDO-2025-10465
NO CVE
Low Risk
@polkadot/apps-config is vulnerable to Cross-site Scripting (XSS)
Upgrade the @polkadot/apps-config library to a patch version.
Jul 15, 2025
AIKIDO-2025-10464
NO CVE
Medium Risk
@cosmjs/faucet-client is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the @cosmjs/faucet-client library to the patch version.
Jul 15, 2025
AIKIDO-2025-10463
NO CVE
Low Risk
zenml is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the zenml library to the patch version.
Jul 15, 2025
AIKIDO-2025-10462
NO CVE
Medium Risk
frappe-js-sdk is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the frappe-js-sdk library to the patch version.
Jul 15, 2025
AIKIDO-2025-10461
NO CVE
High Risk
petl is vulnerable to Improper Control of Generation of Code ('Code Injection')
Upgrade the petl library to the patch version.
Jul 15, 2025
AIKIDO-2025-10460
NO CVE
Medium Risk
@modelcontextprotocol/sdk is vulnerable to Insufficient Session Expiration
Upgrade the @modelcontextprotocol/sdk library to the patch version.
Jul 15, 2025
AIKIDO-2025-10459
NO CVE
High Risk
csv-stringify is vulnerable to Improper Neutralization of Formula Elements in a CSV File
Upgrade the csv-stringify library to the patch version.
Jul 15, 2025
AIKIDO-2025-10458
NO CVE
Medium Risk
clearml is vulnerable to Improper Link Resolution Before File Access ('Link Following')
Upgrade the clearml library to the patch version.
Jul 11, 2025
AIKIDO-2025-10457
NO CVE
High Risk
typeson is vulnerable to Prototype Pollution
Upgrade the typeson library to the patch version.
Jul 10, 2025
AIKIDO-2025-10456
NO CVE
High Risk
@pdfme/common is vulnerable to Prototype Pollution
Upgrade the @pdfme/common library to the patch version.
Jul 10, 2025
AIKIDO-2025-10455
NO CVE
High Risk
gltf-pipeline is vulnerable to Path Traversal
Upgrade the gltf-pipeline library to the patch version.
Jul 10, 2025
AIKIDO-2025-10454
CVE-2025-7393
Critical
drupal/mail_login is vulnerable to Improper Restriction of Excessive Authentication Attempts
Upgrade the drupal/mail_login library to the patch version.
Jul 10, 2025
AIKIDO-2025-10453
NO CVE
Medium Risk
@liveblocks/core is vulnerable to Cross-site Scripting (XSS)
Upgrade the @liveblocks/core library to the patch version.
Jul 10, 2025
AIKIDO-2025-10451
NO CVE
Low Risk
@cubejs-backend/cubesql is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the @cubejs-backend/cubesql library to the patch version.
Jul 10, 2025
AIKIDO-2025-10450
NO CVE
Medium Risk
deno is vulnerable to Out-of-bounds Read
Upgrade the deno library to a patch version.
Jul 9, 2025
AIKIDO-2025-10449
NO CVE
Low Risk
github.com/grafana/synthetic-monitoring-agent is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the github.com/grafana/synthetic-monitoring-agent library to a patch version.
Jul 9, 2025
AIKIDO-2025-10448
NO CVE
Critical
PraisonAI is vulnerable to Remote Code Execution (RCE)
Upgrade the PraisonAI library to the patch version.
Jul 8, 2025
AIKIDO-2025-10447
NO CVE
Low Risk
craftcms/cms is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere
Upgrade the craftcms/cms library to a patch version.
Jul 8, 2025
AIKIDO-2025-10446
NO CVE
Medium Risk
craftcms/cms is vulnerable to Remote Code Execution (RCE)
Upgrade the craftcms/cms library to a patch version.
Jul 8, 2025
AIKIDO-2025-10445
NO CVE
Medium Risk
prism-php/prism is vulnerable to Incorrect Permission Assignment for Critical Resource
Upgrade the prism-php/prism library to a patch version or set PRISM_SERVER_ENABLED config to false.
Jul 8, 2025
AIKIDO-2025-10444
NO CVE
Medium Risk
cadwyn is vulnerable to Cross-site Scripting (XSS)
Upgrade the cadwyn library to a patch version.
Jul 7, 2025
AIKIDO-2025-10443
NO CVE
Medium Risk
@orpc/openapi-client is vulnerable to Memory Allocation with Excessive Size Value
Upgrade the @orpc/openapi-client library to a patch version.
Jul 7, 2025
AIKIDO-2025-10442
NO CVE
High Risk
pdf2html is vulnerable to Path Traversal
Upgrade the pdf2html library to a patch version.
Jul 7, 2025
AIKIDO-2025-10441
NO CVE
High Risk
pdf2html is vulnerable to Cross-site Scripting (XSS)
Upgrade the pdf2html library to a patch version.
Jul 7, 2025
AIKIDO-2025-10440
CVE-2025-37730
Medium Risk
logstash-output-tcp is vulnerable to Improper Certificate Validation
Upgrade the logstash-output-tcp library to the patch version.
Jul 7, 2025
AIKIDO-2025-10439
CVE-2024-46992
High Risk
electron is vulnerable to ASAR Integrity Bypass By Just Modifying The Content
Upgrade the electron library to the patch version.
Jul 7, 2025
AIKIDO-2025-10438
CVE-2024-46993
Medium Risk
electron is vulnerable to Heap-based Buffer Overflow
Upgrade the electron library to the patch version.
Jul 7, 2025
AIKIDO-2025-10437
CVE-2025-48997
High Risk
multer is vulnerable to Uncaught Exception
Upgrade the Multer library to the patch version.
Jul 7, 2025
AIKIDO-2025-10436
CVE-2025-47944
High Risk
multer is vulnerable to Uncaught Exception
Upgrade the Multer library to the patch version.
Jul 4, 2025
AIKIDO-2025-10435
NO CVE
High Risk
mariadb is vulnerable to Improper Certificate Validation
Upgrade the mariadb library to the patch version.
Jul 3, 2025
AIKIDO-2025-10434
NO CVE
High Risk
utopia-php/framework is vulnerable to Remote Code Execution (RCE)
Upgrade the utopia-php/framework library to the patch version.
Jul 3, 2025
AIKIDO-2025-10433
NO CVE
Medium Risk
github.com/cloudwego/hertz is vulnerable to Denial of service (DoS)
Upgrade the github.com/cloudwego/hertz library to the patch version.
Jul 2, 2025
AIKIDO-2025-10432
NO CVE
High Risk
github.com/cilium/cilium-cli is vulnerable to Zip Slip
Upgrade github.com/cilium/cilium-cli to the patch version.
Jul 2, 2025
AIKIDO-2025-10431
NO CVE
Medium Risk
pdfjs is vulnerable to Infinite Loop
Upgrade the pdfjs library to the patch version.
Jul 2, 2025
AIKIDO-2025-10430
NO CVE
Low Risk
linzer is vulnerable to Improper Verification of Cryptographic Signature
Upgrade the linzer library to the patch version.
Jul 2, 2025
AIKIDO-2025-10429

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.