VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/62853?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/62853?format=api",
    "purl": "pkg:npm/axios@1.13.5",
    "type": "npm",
    "namespace": "",
    "name": "axios",
    "version": "1.13.5",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "1.15.0",
    "latest_non_vulnerable_version": "1.15.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20921?format=api",
            "vulnerability_id": "VCID-x41s-g5mh-pkdq",
            "summary": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig\n# Denial of Service via **proto** Key in mergeConfig\n\n### Summary\n\nThe `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.\n\n### Details\n\nThe vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:\n\n```javascript\nutils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {\n  const merge = mergeMap[prop] || mergeDeepProperties;\n  const configValue = merge(config1[prop], config2[prop], prop);\n  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);\n});\n```\n\nWhen `prop` is `'__proto__'`:\n\n1. `JSON.parse('{\"__proto__\": {...}}')` creates an object with `__proto__` as an own enumerable property\n2. `Object.keys()` includes `'__proto__'` in the iteration\n3. `mergeMap['__proto__']` performs prototype chain lookup, returning `Object.prototype` (truthy object)\n4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to `Object.prototype`\n5. `Object.prototype(...)` throws `TypeError: merge is not a function`\n\nThe `mergeConfig` function is called by:\n\n- `Axios._request()` at `lib/core/Axios.js:75`\n- `Axios.getUri()` at `lib/core/Axios.js:201`\n- All HTTP method shortcuts (`get`, `post`, etc.) at `lib/core/Axios.js:211,224`\n\n### PoC\n\n```javascript\nimport axios from \"axios\";\n\nconst maliciousConfig = JSON.parse('{\"__proto__\": {\"x\": 1}}');\nawait axios.get(\"https://httpbin.org/get\", maliciousConfig);\n```\n\n**Reproduction steps:**\n\n1. Clone axios repository or `npm install axios`\n2. Create file `poc.mjs` with the code above\n3. Run: `node poc.mjs`\n4. Observe the TypeError crash\n\n**Verified output (axios 1.13.4):**\n\n```\nTypeError: merge is not a function\n    at computeConfigValue (lib/core/mergeConfig.js:100:25)\n    at Object.forEach (lib/utils.js:280:10)\n    at mergeConfig (lib/core/mergeConfig.js:98:9)\n```\n\n**Control tests performed:**\n| Test | Config | Result |\n|------|--------|--------|\n| Normal config | `{\"timeout\": 5000}` | SUCCESS |\n| Malicious config | `JSON.parse('{\"__proto__\": {\"x\": 1}}')` | **CRASH** |\n| Nested object | `{\"headers\": {\"X-Test\": \"value\"}}` | SUCCESS |\n\n**Attack scenario:**\nAn application that accepts user input, parses it with `JSON.parse()`, and passes it to axios configuration will crash when receiving the payload `{\"__proto__\": {\"x\": 1}}`.\n\n### Impact\n\n**Denial of Service** - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.\n\nAffected environments:\n\n- Node.js servers using axios for HTTP requests\n- Any backend that passes parsed JSON to axios configuration\n\nThis is NOT prototype pollution - the application crashes before any assignment occurs.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25639",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1578",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15744",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1582",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15889",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15927",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1595",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15802",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16003",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1594",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15888",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16649",
                            "published_at": "2026-04-18T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25639"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639"
                },
                {
                    "reference_url": "https://github.com/axios/axios",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/axios/axios"
                },
                {
                    "reference_url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
                },
                {
                    "reference_url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"
                },
                {
                    "reference_url": "https://github.com/axios/axios/pull/7369",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/pull/7369"
                },
                {
                    "reference_url": "https://github.com/axios/axios/pull/7388",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/pull/7388"
                },
                {
                    "reference_url": "https://github.com/axios/axios/releases/tag/v0.30.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/axios/axios/releases/tag/v0.30.0"
                },
                {
                    "reference_url": "https://github.com/axios/axios/releases/tag/v0.30.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/releases/tag/v0.30.3"
                },
                {
                    "reference_url": "https://github.com/axios/axios/releases/tag/v1.13.5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/releases/tag/v1.13.5"
                },
                {
                    "reference_url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"
                        }
                    ],
                    "url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907",
                    "reference_id": "1127907",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237",
                    "reference_id": "2438237",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
                    "reference_id": "GHSA-43fc-jf86-j433",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-43fc-jf86-j433"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184",
                    "reference_id": "RHSA-2026:10184",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:10184"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:2694",
                    "reference_id": "RHSA-2026:2694",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:2694"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3087",
                    "reference_id": "RHSA-2026:3087",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3087"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3105",
                    "reference_id": "RHSA-2026:3105",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3105"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3106",
                    "reference_id": "RHSA-2026:3106",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3106"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3107",
                    "reference_id": "RHSA-2026:3107",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3107"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3109",
                    "reference_id": "RHSA-2026:3109",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3109"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:4942",
                    "reference_id": "RHSA-2026:4942",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:4942"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5142",
                    "reference_id": "RHSA-2026:5142",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5142"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5168",
                    "reference_id": "RHSA-2026:5168",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5168"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5174",
                    "reference_id": "RHSA-2026:5174",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5174"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5636",
                    "reference_id": "RHSA-2026:5636",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5636"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5665",
                    "reference_id": "RHSA-2026:5665",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5665"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5807",
                    "reference_id": "RHSA-2026:5807",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5807"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6170",
                    "reference_id": "RHSA-2026:6170",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6170"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6174",
                    "reference_id": "RHSA-2026:6174",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6174"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6192",
                    "reference_id": "RHSA-2026:6192",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6192"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6277",
                    "reference_id": "RHSA-2026:6277",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6277"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6308",
                    "reference_id": "RHSA-2026:6308",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6308"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6309",
                    "reference_id": "RHSA-2026:6309",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6309"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6404",
                    "reference_id": "RHSA-2026:6404",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6404"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6428",
                    "reference_id": "RHSA-2026:6428",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6428"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6497",
                    "reference_id": "RHSA-2026:6497",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6497"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6567",
                    "reference_id": "RHSA-2026:6567",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6567"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568",
                    "reference_id": "RHSA-2026:6568",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6568"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6802",
                    "reference_id": "RHSA-2026:6802",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6802"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:7249",
                    "reference_id": "RHSA-2026:7249",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:7249"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8218",
                    "reference_id": "RHSA-2026:8218",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8218"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8229",
                    "reference_id": "RHSA-2026:8229",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8229"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8499",
                    "reference_id": "RHSA-2026:8499",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8499"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8500",
                    "reference_id": "RHSA-2026:8500",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8500"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8501",
                    "reference_id": "RHSA-2026:8501",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8501"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:9848",
                    "reference_id": "RHSA-2026:9848",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:9848"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/62854?format=api",
                    "purl": "pkg:npm/axios@0.30.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/631910?format=api",
                    "purl": "pkg:npm/axios@1.0.0-alpha.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/62853?format=api",
                    "purl": "pkg:npm/axios@1.13.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5"
                }
            ],
            "aliases": [
                "CVE-2026-25639",
                "GHSA-43fc-jf86-j433"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x41s-g5mh-pkdq"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5"
}

Package Instance