Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 879

Malware: 10727

NO CVE
High Risk
label-studio is vulnerable to Improper Control of Generation of Code (Code Injection)
Upgrade the label-studio library to a patch version.
May 15, 2025
AIKIDO-2025-10310
NO CVE
High Risk
micro-eth-signer is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the micro-eth-signer library to the patch version.
May 15, 2025
AIKIDO-2025-10309
NO CVE
Low Risk
froala-editor is vulnerable to Dependency on Vulnerable Third-Party Component
Upgrade the froala-editor library to a patch version.
May 14, 2025
AIKIDO-2025-10308
NO CVE
Low Risk
Sentry is vulnerable to Information Disclosure
Upgrade the Sentry library to a patch version.
May 14, 2025
AIKIDO-2025-10307
NO CVE
High Risk
django-cms is vulnerable to Cross-site Scripting (XSS)
Upgrade the django-cms library to a patch version.
May 13, 2025
AIKIDO-2025-10306
NO CVE
Medium Risk
strapi-plugin-sso is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the strapi-plugin-sso library to the patch version.
May 13, 2025
AIKIDO-2025-10305
NO CVE
Low Risk
appsignal is vulnerable to Information Disclosure
Upgrade the appsignal library to the patch version.
May 13, 2025
AIKIDO-2025-10304
NO CVE
Medium Risk
commons-asic is vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Upgrade the no.difi.commons:commons-asic library to the patch version.
May 12, 2025
AIKIDO-2025-10303
NO CVE
Low Risk
subst is vulnerable to Undefined Behavior
Upgrade the subst library to the patch version.
May 12, 2025
AIKIDO-2025-10302
GHSA-733v-p3h5-qpq7
Medium Risk
@escape.tech/graphql-armor-cost-limit is vulnerable to Unlimited Resource Consumption
Upgrade the @escape.tech/graphql-armor-cost-limit library to the patch version or set the ignoreIntrospection option to false.
May 9, 2025
AIKIDO-2025-10301
NO CVE
Medium Risk
craftcms/cms is vulnerable to Cross-site Scripting (XSS)
Upgrade the craftcms/cms library to the patch version.
May 9, 2025
AIKIDO-2025-10300
CVE-2025-46812
Medium Risk
trix is vulnerable to Cross-site Scripting (XSS)
Upgrade the trix library to a patch version.
May 8, 2025
AIKIDO-2025-10299
NO CVE
Low Risk
edgee-server is vulnerable to Improper Input Validation
Upgrade the edgee-server library to the patch version.
May 8, 2025
AIKIDO-2025-10298
NO CVE
Low Risk
maintenance_tasks is vulnerable to Exposure of Sensitive Information
Upgrade the maintenance_tasks library to the patch version.
May 8, 2025
AIKIDO-2025-10297
CVE-2025-46727
Medium Risk
rack is vulnerable to Denial of Service (DoS)
Upgrade the rack library to the patch version.
May 8, 2025
AIKIDO-2025-10296
NO CVE
Low Risk
Smartstore.Licensing is vulnerable to Cross-site Scripting (XSS)
Upgrade the Smartstore.Licensing library to the patch version.
May 8, 2025
AIKIDO-2025-10295
NO CVE
Low Risk
svix is vulnerable to Improper Input Validation
Upgrade the com.svix:svix library to the patch version.
May 8, 2025
AIKIDO-2025-10294
NO CVE
Low Risk
@liveblocks/react-ui is vulnerable to Missing Authorization
Upgrade the @liveblocks/react-ui library to the patch version.
May 8, 2025
AIKIDO-2025-10293
NO CVE
Low Risk
feed is vulnerable to Improper Input Validation
Upgrade the feed library to the patch version.
May 7, 2025
AIKIDO-2025-10292
NO CVE
Medium Risk
redox_uefi_std is vulnerable to Heap-based Buffer Overflow
Upgrade the redox_uefi_std library to the patch version.
May 7, 2025
AIKIDO-2025-10291
NO CVE
Low Risk
tanton_engine is vulnerable to Use of Unmaintained Third Party Components
Remove any tanton_engine package from your application.
May 7, 2025
AIKIDO-2025-10290
NO CVE
Low Risk
@automattic/newspack-blocks is vulnerable to Weak Password Requirements
Upgrade the @automattic/newspack-blocks library to the patch version.
May 6, 2025
AIKIDO-2025-10289
CVE-2025-46736
Medium Risk
Umbraco.Cms is vulnerable to Observable Response Discrepancy
Upgrade the Umbraco.Cms library to the patch version.
May 6, 2025
AIKIDO-2025-10288
NO CVE
Low Risk
Umbraco.Cms is vulnerable to Information Disclosure
Upgrade the Umbraco.Cms library to the patch version.
May 6, 2025
AIKIDO-2025-10287
NO CVE
Low Risk
n8n-nodes-base is vulnerable to Sandbox Bypass
Upgrade the n8n-nodes-base library to the patch version.
May 5, 2025
AIKIDO-2025-10286
CVE-2025-47241
Critical
browser-use is vulnerable to Incorrect Authorization
Upgrade the browser-use library to the patch version.
May 5, 2025
AIKIDO-2025-10285
NO CVE
Medium Risk
code-server is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the code-server library to the patch version.
May 3, 2025
AIKIDO-2025-10284
NO CVE
Low Risk
@stripe/connect-js is vulnerable to HTML Clobbering
Upgrade the @stripe/connect-js library to the patch version.
May 3, 2025
AIKIDO-2025-10283
NO CVE
Low Risk
github.com/openziti/sdk-golang is vulnerable to Race Condition
Upgrade the github.com/openziti/sdk-golang library to the patch version.
Apr 30, 2025
AIKIDO-2025-10282
NO CVE
Medium Risk
github.com/pulumi/esc is vulnerable to Integer Overflow
Upgrade the github.com/pulumi/esc library to the patch version.
Apr 30, 2025
AIKIDO-2025-10281
NO CVE
Medium Risk
atomic-polyfill is vulnerable to Use of Unmaintained Third Party Components
Remove any atomic-polyfill package from your application. Please take a look at portable-atomic instead.
Apr 30, 2025
AIKIDO-2025-10280
NO CVE
Medium Risk
registry is vulnerable to Use of Unmaintained Third Party Components
Remove any registry package from your application. Please take a look at windows-registry instead.
Apr 30, 2025
AIKIDO-2025-10279
NO CVE
Low Risk
django-debug-toolbar is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the django-debug-toolbar library to the patch version.
Apr 30, 2025
AIKIDO-2025-10278
NO CVE
Low Risk
risc0-zkvm is vulnerable to Undefined Behavior
Upgrade the risc0-zkvm library to the patch version.
Apr 30, 2025
AIKIDO-2025-10277
CVE-2025-46344
Medium Risk
@auth0/nextjs-auth0 is vulnerable to Insufficient Session Expiration
Upgrade the @auth0/nextjs-auth0 library to the patch version.
Apr 30, 2025
AIKIDO-2025-10276
NO CVE
Low Risk
jaq-core is vulnerable to Denial of Service (DoS)
Upgrade the jaq-core library to the patch version or turn off overflow checking.
Apr 29, 2025
AIKIDO-2025-10275

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.