Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-wbq8-z3qg-bfbt
SummaryAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This vulnerability is fixed in 1.15.1 and 0.31.1.
Aliases
0
alias CVE-2026-42036
Fixed_packages
0
url pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1%3Fdistro=trixie
1
url pkg:deb/debian/node-axios@1.15.2-1
purl pkg:deb/debian/node-axios@1.15.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.2-1
Affected_packages
0
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1
1
url pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/node-axios@0.21.1%2Bdfsg-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vkx-cwua-rqe4
1
vulnerability VCID-671j-k4zn-xbgk
2
vulnerability VCID-7rdk-mw2k-eqdx
3
vulnerability VCID-8352-4tud-y3f4
4
vulnerability VCID-aq84-8cnz-byax
5
vulnerability VCID-axk7-6q4b-vuga
6
vulnerability VCID-cj5w-7hbe-wqex
7
vulnerability VCID-drqq-9mkv-qkbx
8
vulnerability VCID-e86t-8z3n-sqgd
9
vulnerability VCID-ek49-tuj4-t3ap
10
vulnerability VCID-gtc3-vrcs-yfb9
11
vulnerability VCID-hq6f-86aj-8yav
12
vulnerability VCID-kgnf-z6ca-tqgp
13
vulnerability VCID-nmzm-1341-jfgt
14
vulnerability VCID-p78g-vmhn-yyck
15
vulnerability VCID-tdwz-gg36-mkgs
16
vulnerability VCID-uuzj-ta8k-c3fn
17
vulnerability VCID-wbq8-z3qg-bfbt
18
vulnerability VCID-x41s-g5mh-pkdq
19
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@0.21.1%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1
3
url pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/node-axios@1.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-hq6f-86aj-8yav
10
vulnerability VCID-kgnf-z6ca-tqgp
11
vulnerability VCID-nmzm-1341-jfgt
12
vulnerability VCID-p78g-vmhn-yyck
13
vulnerability VCID-tdwz-gg36-mkgs
14
vulnerability VCID-uuzj-ta8k-c3fn
15
vulnerability VCID-wbq8-z3qg-bfbt
16
vulnerability VCID-x41s-g5mh-pkdq
17
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
purl pkg:deb/debian/node-axios@1.8.4%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-aq84-8cnz-byax
3
vulnerability VCID-axk7-6q4b-vuga
4
vulnerability VCID-cj5w-7hbe-wqex
5
vulnerability VCID-drqq-9mkv-qkbx
6
vulnerability VCID-e86t-8z3n-sqgd
7
vulnerability VCID-ek49-tuj4-t3ap
8
vulnerability VCID-gtc3-vrcs-yfb9
9
vulnerability VCID-kgnf-z6ca-tqgp
10
vulnerability VCID-nmzm-1341-jfgt
11
vulnerability VCID-p78g-vmhn-yyck
12
vulnerability VCID-tdwz-gg36-mkgs
13
vulnerability VCID-uuzj-ta8k-c3fn
14
vulnerability VCID-wbq8-z3qg-bfbt
15
vulnerability VCID-x41s-g5mh-pkdq
16
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.8.4%252Bdfsg-1
6
url pkg:deb/debian/node-axios@1.15.0-1
purl pkg:deb/debian/node-axios@1.15.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1
7
url pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
purl pkg:deb/debian/node-axios@1.15.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-671j-k4zn-xbgk
1
vulnerability VCID-8352-4tud-y3f4
2
vulnerability VCID-cj5w-7hbe-wqex
3
vulnerability VCID-drqq-9mkv-qkbx
4
vulnerability VCID-e86t-8z3n-sqgd
5
vulnerability VCID-gtc3-vrcs-yfb9
6
vulnerability VCID-nmzm-1341-jfgt
7
vulnerability VCID-p78g-vmhn-yyck
8
vulnerability VCID-tdwz-gg36-mkgs
9
vulnerability VCID-uuzj-ta8k-c3fn
10
vulnerability VCID-wbq8-z3qg-bfbt
11
vulnerability VCID-z6xx-7p9v-gqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-axios@1.15.0-1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42036
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11627
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42036
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id 1134878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
3
reference_url https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99
reference_id GHSA-vf2m-468p-8v99
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:30:17Z/
url https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99
Weaknesses
0
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Exploits
Severity_range_score5.3 - 5.3
Exploitability0.5
Weighted_severity4.8
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-wbq8-z3qg-bfbt