Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/axios@1.0.0
Typenpm
Namespace
Nameaxios
Version1.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.6.0
Latest_non_vulnerable_version1.16.0
Affected_by_vulnerabilities
0
url VCID-37kj-pzyt-8be6
vulnerability_id VCID-37kj-pzyt-8be6
summary 
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
The `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json
1
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
2
reference_url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57
3
reference_url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e
4
reference_url https://github.com/axios/axios/pull/7369
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/7369
5
reference_url https://github.com/axios/axios/pull/7388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/7388
6
reference_url https://github.com/axios/axios/releases/tag/v0.30.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v0.30.3
7
reference_url https://github.com/axios/axios/releases/tag/v1.13.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.13.5
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
reference_id 1127907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
reference_id 2438237
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438237
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
reference_id CVE-2026-25639
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25639
11
reference_url https://github.com/advisories/GHSA-43fc-jf86-j433
reference_id GHSA-43fc-jf86-j433
reference_type
scores
url https://github.com/advisories/GHSA-43fc-jf86-j433
12
reference_url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
reference_id GHSA-43fc-jf86-j433
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
13
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
14
reference_url https://access.redhat.com/errata/RHSA-2026:11414
reference_id RHSA-2026:11414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11414
15
reference_url https://access.redhat.com/errata/RHSA-2026:13542
reference_id RHSA-2026:13542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13542
16
reference_url https://access.redhat.com/errata/RHSA-2026:13548
reference_id RHSA-2026:13548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13548
17
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
18
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
19
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
20
reference_url https://access.redhat.com/errata/RHSA-2026:3105
reference_id RHSA-2026:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3105
21
reference_url https://access.redhat.com/errata/RHSA-2026:3106
reference_id RHSA-2026:3106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3106
22
reference_url https://access.redhat.com/errata/RHSA-2026:3107
reference_id RHSA-2026:3107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3107
23
reference_url https://access.redhat.com/errata/RHSA-2026:3109
reference_id RHSA-2026:3109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3109
24
reference_url https://access.redhat.com/errata/RHSA-2026:4942
reference_id RHSA-2026:4942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4942
25
reference_url https://access.redhat.com/errata/RHSA-2026:5142
reference_id RHSA-2026:5142
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5142
26
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
27
reference_url https://access.redhat.com/errata/RHSA-2026:5174
reference_id RHSA-2026:5174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5174
28
reference_url https://access.redhat.com/errata/RHSA-2026:5633
reference_id RHSA-2026:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5633
29
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
30
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
31
reference_url https://access.redhat.com/errata/RHSA-2026:5807
reference_id RHSA-2026:5807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5807
32
reference_url https://access.redhat.com/errata/RHSA-2026:6170
reference_id RHSA-2026:6170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6170
33
reference_url https://access.redhat.com/errata/RHSA-2026:6174
reference_id RHSA-2026:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6174
34
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
35
reference_url https://access.redhat.com/errata/RHSA-2026:6277
reference_id RHSA-2026:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6277
36
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
37
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
38
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
39
reference_url https://access.redhat.com/errata/RHSA-2026:6428
reference_id RHSA-2026:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6428
40
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
41
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
42
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
43
reference_url https://access.redhat.com/errata/RHSA-2026:6802
reference_id RHSA-2026:6802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6802
44
reference_url https://access.redhat.com/errata/RHSA-2026:7249
reference_id RHSA-2026:7249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7249
45
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
46
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
47
reference_url https://access.redhat.com/errata/RHSA-2026:8499
reference_id RHSA-2026:8499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8499
48
reference_url https://access.redhat.com/errata/RHSA-2026:8500
reference_id RHSA-2026:8500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8500
49
reference_url https://access.redhat.com/errata/RHSA-2026:8501
reference_id RHSA-2026:8501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8501
50
reference_url https://access.redhat.com/errata/RHSA-2026:9848
reference_id RHSA-2026:9848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9848
fixed_packages
0
url pkg:npm/axios@1.13.5
purl pkg:npm/axios@1.13.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5
aliases CVE-2026-25639, GHSA-43fc-jf86-j433
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37kj-pzyt-8be6
1
url VCID-aqa5-vr2y-33cw
vulnerability_id VCID-aqa5-vr2y-33cw
summary 
Axios Cross-Site Request Forgery Vulnerability
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json
1
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
2
reference_url https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
3
reference_url https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
4
reference_url https://github.com/axios/axios/issues/6006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/issues/6006
5
reference_url https://github.com/axios/axios/issues/6022
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/issues/6022
6
reference_url https://github.com/axios/axios/pull/6028
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6028
7
reference_url https://github.com/axios/axios/pull/6091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6091
8
reference_url https://github.com/axios/axios/releases/tag/v0.28.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v0.28.0
9
reference_url https://github.com/axios/axios/releases/tag/v1.6.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.6.0
10
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
11
reference_url https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099
reference_id 1056099
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2248979
reference_id 2248979
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2248979
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45857
reference_id CVE-2023-45857
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45857
15
reference_url https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
reference_id GHSA-wf5p-g6vw-rhxx
reference_type
scores
url https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
16
reference_url https://access.redhat.com/errata/RHSA-2024:1925
reference_id RHSA-2024:1925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1925
17
reference_url https://access.redhat.com/errata/RHSA-2024:3314
reference_id RHSA-2024:3314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3314
18
reference_url https://access.redhat.com/errata/RHSA-2024:3316
reference_id RHSA-2024:3316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3316
19
reference_url https://access.redhat.com/errata/RHSA-2024:3473
reference_id RHSA-2024:3473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3473
20
reference_url https://access.redhat.com/errata/RHSA-2024:3920
reference_id RHSA-2024:3920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3920
21
reference_url https://access.redhat.com/errata/RHSA-2024:4269
reference_id RHSA-2024:4269
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4269
22
reference_url https://access.redhat.com/errata/RHSA-2024:4455
reference_id RHSA-2024:4455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4455
23
reference_url https://access.redhat.com/errata/RHSA-2024:5314
reference_id RHSA-2024:5314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5314
24
reference_url https://access.redhat.com/errata/RHSA-2025:2876
reference_id RHSA-2025:2876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2876
fixed_packages
0
url pkg:npm/axios@1.6.0
purl pkg:npm/axios@1.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.6.0
aliases CVE-2023-45857, GHSA-wf5p-g6vw-rhxx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqa5-vr2y-33cw
2
url VCID-axy8-kmka-pugw
vulnerability_id VCID-axy8-kmka-pugw
summary 
Axios is vulnerable to DoS attack through lack of data size check
When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.
This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
1
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
2
reference_url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
3
reference_url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
4
reference_url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
5
reference_url https://github.com/axios/axios/pull/7011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/7011
6
reference_url https://github.com/axios/axios/pull/7034
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/7034
7
reference_url https://github.com/axios/axios/releases/tag/v0.30.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v0.30.2
8
reference_url https://github.com/axios/axios/releases/tag/v1.12.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.12.0
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
reference_id 1114963
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
reference_id 2394735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
reference_id CVE-2025-58754
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
12
reference_url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
13
reference_url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
14
reference_url https://access.redhat.com/errata/RHSA-2025:16747
reference_id RHSA-2025:16747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16747
15
reference_url https://access.redhat.com/errata/RHSA-2025:18252
reference_id RHSA-2025:18252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18252
16
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
17
reference_url https://access.redhat.com/errata/RHSA-2025:19335
reference_id RHSA-2025:19335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19335
18
reference_url https://access.redhat.com/errata/RHSA-2025:19375
reference_id RHSA-2025:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19375
19
reference_url https://access.redhat.com/errata/RHSA-2025:19529
reference_id RHSA-2025:19529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19529
20
reference_url https://access.redhat.com/errata/RHSA-2025:19804
reference_id RHSA-2025:19804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19804
21
reference_url https://access.redhat.com/errata/RHSA-2025:19961
reference_id RHSA-2025:19961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19961
22
reference_url https://access.redhat.com/errata/RHSA-2025:22684
reference_id RHSA-2025:22684
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22684
23
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
24
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
25
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
26
reference_url https://access.redhat.com/errata/RHSA-2025:23546
reference_id RHSA-2025:23546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23546
27
reference_url https://access.redhat.com/errata/RHSA-2026:0627
reference_id RHSA-2026:0627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0627
28
reference_url https://access.redhat.com/errata/RHSA-2026:0718
reference_id RHSA-2026:0718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0718
29
reference_url https://access.redhat.com/errata/RHSA-2026:1018
reference_id RHSA-2026:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1018
30
reference_url https://access.redhat.com/errata/RHSA-2026:1942
reference_id RHSA-2026:1942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1942
31
reference_url https://access.redhat.com/errata/RHSA-2026:4215
reference_id RHSA-2026:4215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4215
32
reference_url https://access.redhat.com/errata/RHSA-2026:6226
reference_id RHSA-2026:6226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6226
fixed_packages
0
url pkg:npm/axios@1.12.0
purl pkg:npm/axios@1.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.12.0
aliases CVE-2025-58754, GHSA-4hjh-wcwx-xvwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axy8-kmka-pugw
3
url VCID-vq2d-yv43-57b6
vulnerability_id VCID-vq2d-yv43-57b6
summary 
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json
1
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
2
reference_url https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde
3
reference_url https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f
4
reference_url https://github.com/axios/axios/issues/6463
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/issues/6463
5
reference_url https://github.com/axios/axios/pull/6829
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/6829
6
reference_url https://github.com/axios/axios/releases/tag/v1.8.2
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.8.2
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
reference_id 1102223
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2350618
reference_id 2350618
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2350618
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27152
reference_id CVE-2025-27152
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27152
10
reference_url https://github.com/advisories/GHSA-jr5f-v2jv-69x6
reference_id GHSA-jr5f-v2jv-69x6
reference_type
scores
url https://github.com/advisories/GHSA-jr5f-v2jv-69x6
11
reference_url https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
reference_id GHSA-jr5f-v2jv-69x6
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
fixed_packages
0
url pkg:npm/axios@1.8.2
purl pkg:npm/axios@1.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.8.2
aliases CVE-2025-27152, GHSA-jr5f-v2jv-69x6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2d-yv43-57b6
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0