{"url":"http://public2.vulnerablecode.io/api/packages/32968?format=json","purl":"pkg:npm/axios@1.7.4","type":"npm","namespace":"","name":"axios","version":"1.7.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.16.0","latest_non_vulnerable_version":"1.16.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70324?format=json","vulnerability_id":"VCID-3rmd-rsjh-27hf","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42036","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09435","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd
.nist.gov/vuln/detail/CVE-2026-42036","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42036"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461633","reference_id":"2461633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461633"},{"reference_url":"https://github.com/advisories/GHSA-vf2m-468p-8v99","reference_id":"GHSA-vf2m-468p-8v99","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vf2m-468p-8v99"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99","reference_id":"GHSA-vf2m-468p-8v99","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:30:17Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42036","GHSA-vf2m-468p-8v99"]
,"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rmd-rsjh-27hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70659?format=json","vulnerability_id":"VCID-47b2-yz73-8ffw","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests to 127.0.0.1 and [::1] still route through the proxy instead of bypassing it. The shouldBypassProxy() function does pure string matching — it does not resolve IP aliases or loopback equivalents. This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42038","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24099","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42038","reference_id":"","reference_
type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42038"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461634","reference_id":"2461634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461634"},{"reference_url":"https://github.com/advisories/GHSA-m7pr-hjqh-92cm","reference_id":"GHSA-m7pr-hjqh-92cm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m7pr-hjqh-92cm"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm","reference_id":"GHSA-m7pr-hjqh-92cm","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:46:29Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42038","GHSA-m7pr-hjqh-92cm"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1",
"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47b2-yz73-8ffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70494?format=json","vulnerability_id":"VCID-4n9q-ca4t-nkh5","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\\x00') correctly produces the safe sequence %00, the charMap entry '%00': '\\x00' converts it back to a raw null byte. Primary impact is limited because the standard axios request flow is not affected. This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42040","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24196","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42040","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42040"},{"reference_url":"https://bugs.debian.org/cgi-bin/b
ugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://github.com/advisories/GHSA-xhjh-pmcv-23jw","reference_id":"GHSA-xhjh-pmcv-23jw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhjh-pmcv-23jw"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw","reference_id":"GHSA-xhjh-pmcv-23jw","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:48:02Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42040","GHSA-xhjh-pmcv-23jw"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9q-ca4t-nkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28639?format=json","vulnerability_id":"VCID-5mmh-tc9h-gkcu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hy
dra/rest/securitydata/cve/CVE-2026-42043.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42043","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07949","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42043","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42043"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461626","reference_id":"2461626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461626"},{"reference_url":"https://github.com/advisories/GHSA-pmwg
-cvhr-8vh7","reference_id":"GHSA-pmwg-cvhr-8vh7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pmwg-cvhr-8vh7"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7","reference_id":"GHSA-pmwg-cvhr-8vh7","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:47:20Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.
redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","s
cores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24536","reference_id":"RHSA-2026:24536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24539","reference_id":"RHSA-2026:24539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"http
s://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25089","reference_id":"RHSA-2026:25089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25271","reference_id":"RHSA-2026:25271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25273","reference_id":"RHSA-2026:25273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42043","GHSA-pmwg-cvhr-8vh7"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mmh-tc9h-gkcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25816?format=json","vulnerability_id":"VCID-6a8h-2wvu-g7en","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62718","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2127","published_at":"2026-06-11T12:55:00Z"}],"ur
l":"https://api.first.org/data/v1/epss?cve=CVE-2025-62718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","reference_id":"03cdfc99e8db32a390e12128208b6778492cee9c","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"},{"reference_url":"https://github.com/axios/axios/pull/10661","reference_id":"10661","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring
_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/pull/10661"},{"reference_url":"https://github.com/axios/axios/pull/10688","reference_id":"10688","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/pull/10688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913","reference_id":"2456913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718","reference_id":"CVE-2025-62718","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718"},{"reference_url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df","reference_id":"fb3befb6daac6cad26b2e54094d0f2d9e47f24df","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements
":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"},{"reference_url":"https://github.com/advisories/GHSA-3p68-rc4w-qgx5","reference_id":"GHSA-3p68-rc4w-qgx5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p68-rc4w-qgx5"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5","reference_id":"GHSA-3p68-rc4w-qgx5","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1","reference_id":"rfc1034#section-3.1","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://datatracker.ietf.org/doc/html/rf
c1034#section-3.1"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2","reference_id":"rfc3986#section-3.2.2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-202
6:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24471","reference_id":"RHSA-2026:24471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_i
d":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24766","reference_id":"RHSA-2026:24766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24866","reference_id":"RHSA-2026:24866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742
"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.31.0","reference_id":"v0.31.0","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.31.0"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.0","reference_id":"v1.15.0","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.15.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373809?format=json","purl":"pkg:npm/axios@1.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rmd-rsjh-27hf"},{"vulnerability":"VCID-47b2-yz73-8ffw"},{"vulnerability":"VCID-4n9q-ca4t-nkh5"},{"vulnerability":"VCID-5mmh-tc9h-gkcu"},{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-92q4-fhsk-5bd9"},{"vulnerability":"VCID-a346-zp6f-d7f7"},{"vulnerability":"VCID-ef6h-8mvv-tqgb"},{"vulnerability":"VCID-h2m2-qvbh-47hy"},{"vulnerability":"VCID-qxwf-qv1y-n7aq"},{"vulnerability":"VCID-s4uw-vmgd-jkd5"},{"vulnerability":"VCID-zdx2-huy6-sqce"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packag
es/pkg:npm/axios@1.15.0"}],"aliases":["CVE-2025-62718","GHSA-3p68-rc4w-qgx5"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6a8h-2wvu-g7en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23377?format=json","vulnerability_id":"VCID-6b7c-jgtj-63eu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27152","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde","reference_id":"","re
ference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde"},{"reference_url":"https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f"},{"reference_url":"https://github.com/axios/axios/pull/6829","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/6829"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.8.2","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/releases/tag/v1.8.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27152","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27152"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223","reference_id":"1102223","reference_
type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2350618","reference_id":"2350618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2350618"},{"reference_url":"https://github.com/axios/axios/issues/6463","reference_id":"6463","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/"}],"url":"https://github.com/axios/axios/issues/6463"},{"reference_url":"https://github.com/advisories/GHSA-jr5f-v2jv-69x6","reference_id":"GHSA-jr5f-v2jv-69x6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jr5f-v2jv-69x6"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6","reference_id":"GHSA-jr5f-v2jv-69x6","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377916?format=json","purl":"pkg:npm/axios@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rmd-rsjh-27hf"},{"vulnerability":"VCID-47b2-yz73-8ffw"},{"vulnerability":"VCID-4n9q-ca4t-nkh5"},{"vulnerability":"VCID-5mmh-tc9h-gkcu"},{"vulnerability":"VCID-6a8h-2wvu-g7en"},{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-92q4-fhsk-5bd9"},{"vulnerability":
"VCID-a346-zp6f-d7f7"},{"vulnerability":"VCID-ef6h-8mvv-tqgb"},{"vulnerability":"VCID-f821-yte2-pkbj"},{"vulnerability":"VCID-g4m2-6ftk-bbaa"},{"vulnerability":"VCID-h2m2-qvbh-47hy"},{"vulnerability":"VCID-jpp8-3u2p-8qfn"},{"vulnerability":"VCID-qxwf-qv1y-n7aq"},{"vulnerability":"VCID-s4uw-vmgd-jkd5"},{"vulnerability":"VCID-zdx2-huy6-sqce"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.8.2"}],"aliases":["CVE-2025-27152","GHSA-jr5f-v2jv-69x6"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7c-jgtj-63eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70247?format=json","vulnerability_id":"VCID-7mzn-tmtx-q7dh","summary":"Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses — including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. 
This vulnerability is fixed in 1.15.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42044","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40563","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42044"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42044","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42044"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461624","reference_id":"2461624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461624"},{"reference_url":"https://github.com/
advisories/GHSA-3w6x-2g7m-8v23","reference_id":"GHSA-3w6x-2g7m-8v23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w6x-2g7m-8v23"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23","reference_id":"GHSA-3w6x-2g7m-8v23","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:11:49Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{
"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20338","reference_id":"RHSA-2026:20338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20454","reference_id":"RHSA-2026:20454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-20
26:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24471","reference_id":"RHSA-2026:24471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24473","reference_id":"RHSA-2026:24473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24536","reference_id":"RHSA-2026:24536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24539","reference_id":"RHSA-2026:24539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25089","reference_id":"RHSA-2026:25089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25271","reference_id":"RHSA-2026:25271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-202
6:25271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25273","reference_id":"RHSA-2026:25273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41713?format=json","purl":"pkg:npm/axios@1.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8vwd-zh7x-d3dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.2"}],"aliases":["CVE-2026-42044","GHSA-3w6x-2g7m-8v23"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mzn-tmtx-q7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70300?format=json","vulnerability_id":"VCID-92q4-fhsk-5bd9","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself — any prototype pollution primitive in any dependency in the application's dependency tree is sufficient to trigger this gadget. 
This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42035","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15179","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42035","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42035"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461606","reference_id":"2461606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461606"},{"reference_url":"https://github.c
om/advisories/GHSA-6chq-wfr3-2hj9","reference_id":"GHSA-6chq-wfr3-2hj9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6chq-wfr3-2hj9"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9","reference_id":"GHSA-6chq-wfr3-2hj9","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:07:43Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"referen
ce_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338
","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24471","reference_id":"RHSA-2026:24471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24536","reference_id":"RHSA-2026:24536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24539","reference_id":"RHSA-2026:24539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"
},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25089","reference_id":"RHSA-2026:25089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25271","reference_id":"RHSA-2026:25271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25273","reference_id":"RHSA-2026:25273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42035","GHSA-6chq-wfr3-2hj9"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92q4-fhsk-5bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70621?format=json","vulnerability_id":"VCID-a346-zp6f-d7f7","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. 
This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42042","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20378","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42042","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42042"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461637","reference_id":"2461637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461637"},{"reference_url":"https://
github.com/advisories/GHSA-xx6v-rp6x-q39c","reference_id":"GHSA-xx6v-rp6x-q39c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx6v-rp6x-q39c"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c","reference_id":"GHSA-xx6v-rp6x-q39c","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:35:32Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42042","GHSA-xx6v-rp6x-q39c"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a346-zp6f-d7f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70577?format=json","vulnerability_id":"VCID-ef6h-8mvv-tqgb","summary":"Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF (\\r\\n) sequences. 
An attacker who controls the .type property of a Blob/File-like object (e.g., via a user-uploaded file in a Node.js proxy service) can inject arbitrary MIME part headers into the multipart form-data body. This bypasses Node.js v18+ built-in header protections because the injection targets the multipart body structure, not HTTP request headers. This vulnerability is fixed in 1.15.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42037.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42037.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42037","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26635","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42037"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42037","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42037"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","ref
erence_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461636","reference_id":"2461636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461636"},{"reference_url":"https://github.com/advisories/GHSA-445q-vr5w-6q77","reference_id":"GHSA-445q-vr5w-6q77","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-445q-vr5w-6q77"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77","reference_id":"GHSA-445q-vr5w-6q77","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:36:52Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42037","GHSA-445q-vr5w-6q77"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef6h-8mvv-tqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84336?format=json","vulnerability_id":"VCID-f821-yte2-pkbj","summary":"Axios is a promise based HTTP client for the browser and Node.js. 
Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This vulnerability is fixed in 1.15.0 and 0.3.1. Note: the release tags listed in this record's references are v1.15.0 and v0.31.0, so the 0.x version written here as 0.3.1 should be confirmed against the upstream advisory before it is used for version matching.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40175","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19867","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40175"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-876049.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-876049.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/pull/10660#issuecomment-4224168081","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_sy
stem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/10660#issuecomment-4224168081"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40175","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40175"},{"reference_url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","reference_id":"03cdfc99e8db32a390e12128208b6778492cee9c","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"},{"reference_url":"https://github.com/axios/axios/pull/10660","reference_id":"10660","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/pull/10660"},{"reference_url":"https://github.com/axios/axios/pull/10688","reference_id":"10688","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc
","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/pull/10688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457432","reference_id":"2457432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457432"},{"reference_url":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1","reference_id":"363185461b90b1b78845dc8a99a1f103d9b122a1","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"},{"reference_url":"https://github.com/advisories/GHSA-fvcv-3m26-pcqx","reference_id":"GHSA-fvcv-3m26-pcqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvcv-3m26-pcqx"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx","reference_id":"GHSA-fvcv-3m26-pcqx","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10104","reference_id":"RHSA-2026:10104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10104"},{"reference_
url":"https://access.redhat.com/errata/RHSA-2026:10153","reference_id":"RHSA-2026:10153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10172","reference_id":"RHSA-2026:10172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11414","reference_id":"RHSA-2026:11414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14774","reference_id":"RHSA-2026:14774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15091","reference_id":"RHSA-2026:15091","
reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20041","reference_id":"RHSA-2026:20041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24762","reference_id":"RHSA-2026:24762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{
"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8499","reference_id":"RHSA-2026:8499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8500","reference_id":"RHSA-2026:8500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8501","reference_id":"RHSA-2026:8501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.31.0","reference_id":"v0.31.0","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements"
:""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.31.0"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.0","reference_id":"v1.15.0","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.15.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373809?format=json","purl":"pkg:npm/axios@1.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rmd-rsjh-27hf"},{"vulnerability":"VCID-47b2-yz73-8ffw"},{"vulnerability":"VCID-4n9q-ca4t-nkh5"},{"vulnerability":"VCID-5mmh-tc9h-gkcu"},{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-92q4-fhsk-5bd9"},{"vulnerability":"VCID-a346-zp6f-d7f7"},{"vulnerability":"VCID-ef6h-8mvv-tqgb"},{"vulnerability":"VCID-h2m2-qvbh-47hy"},{"vulnerability":"VCID-qxwf-qv1y-n7aq"},{"vulnerability":"VCID-s4uw-vmgd-jkd5"},{"vulnerability":"VCID-zdx2-huy6-sqce"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0"}],"aliases":["CVE-2026-40175","GHSA-fvcv-3m26-pcqx"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f821-yte2-pkbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94089?format=json","vulnerability_id":"VCID-g4m2-6ftk-bbaa","summary":"Axios is a promise based HTTP client for the browser and Node.js. 
When Axios, starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0, runs on Node.js and is given a URL with the `data:` scheme, it does not make an HTTP request. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58754","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57082","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58754","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N
/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963","reference_id":"1114963","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394735","reference_id":"2394735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394735"},{"reference_url":"https://github.com/axios/axios/pull/7011","reference_id":"7011","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/pull/7011"},{"reference_url":"https://github.com/axios/axios/pull/7034","reference_id":"7034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/pull/7034"},{"reference_url":"https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593","reference_id":"945435fc51467303768202250debb8d4ae892593","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/commit/9
45435fc51467303768202250debb8d4ae892593"},{"reference_url":"https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67","reference_id":"a1b1d3f073a988601583a604f5f9f5d05a3d0b67","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67"},{"reference_url":"https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06","reference_id":"c30252f685e8f4326722de84923fcbc8cf557f06","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06"},{"reference_url":"https://github.com/advisories/GHSA-4hjh-wcwx-xvwj","reference_id":"GHSA-4hjh-wcwx-xvwj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4hjh-wcwx-xvwj"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj","reference_id":"GHSA-4hjh-wcwx-xvwj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:
16747","reference_id":"RHSA-2025:16747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18252","reference_id":"RHSA-2025:18252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19221","reference_id":"RHSA-2025:19221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19335","reference_id":"RHSA-2025:19335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19375","reference_id":"RHSA-2025:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19529","reference_id":"RHSA-2025:19529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19804","reference_id":"RHSA-2025:19804","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19961","reference_id":"RHSA-2025:19961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22684","reference_id":"RHSA-2025:22684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22759","reference_id":"RHSA-2025:22759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[],"url":"https://acc
ess.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23546","reference_id":"RHSA-2025:23546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0627","reference_id":"RHSA-2026:0627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0718","reference_id":"RHSA-2026:0718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1018","reference_id":"RHSA-2026:1018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6226","reference_id":"RHSA-2026:6226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6226"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.30.2","reference_id":"v0.30.2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://gith
ub.com/axios/axios/releases/tag/v0.30.2"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.12.0","reference_id":"v1.12.0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-12T13:08:38Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.12.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376724?format=json","purl":"pkg:npm/axios@1.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rmd-rsjh-27hf"},{"vulnerability":"VCID-47b2-yz73-8ffw"},{"vulnerability":"VCID-4n9q-ca4t-nkh5"},{"vulnerability":"VCID-5mmh-tc9h-gkcu"},{"vulnerability":"VCID-6a8h-2wvu-g7en"},{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-92q4-fhsk-5bd9"},{"vulnerability":"VCID-a346-zp6f-d7f7"},{"vulnerability":"VCID-ef6h-8mvv-tqgb"},{"vulnerability":"VCID-f821-yte2-pkbj"},{"vulnerability":"VCID-h2m2-qvbh-47hy"},{"vulnerability":"VCID-jpp8-3u2p-8qfn"},{"vulnerability":"VCID-qxwf-qv1y-n7aq"},{"vulnerability":"VCID-s4uw-vmgd-jkd5"},{"vulnerability":"VCID-zdx2-huy6-sqce"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.12.0"}],"aliases":["CVE-2025-58754","GHSA-4hjh-wcwx-xvwj"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4m2-6ftk-bbaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28638?format=json","vulnerability_id":"VCID-h2m2-qvbh-47hy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/
AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42041","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20348","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42041","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42041"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461629","reference_id":"2461629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_b
ug.cgi?id=2461629"},{"reference_url":"https://github.com/advisories/GHSA-w9j2-pvgh-6h63","reference_id":"GHSA-w9j2-pvgh-6h63","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9j2-pvgh-6h63"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63","reference_id":"GHSA-w9j2-pvgh-6h63","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:29:47Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"u
rl":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.r
edhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24536","reference_id":"RHSA-2026:24536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24539","reference_id":"RHSA-2026:24539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","sc
ores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25089","reference_id":"RHSA-2026:25089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25271","reference_id":"RHSA-2026:25271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25273","reference_id":"RHSA-2026:25273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42041","GHSA-w9j2-pvgh-6h63"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2m2-qvbh-47hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66287?format=json","vulnerability_id":"VCID-jpp8-3u2p-8qfn","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. 
This vulnerability is fixed in versions 0.30.3 and 1.13.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25639","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.3187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25639"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907","reference_id":"1127907","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438237","reference_id":"2438237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438237"},{"reference_url":"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57","reference_id":"28c721588c7a77e7503d0a434e016f852c597b57","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Tra
ck","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"},{"reference_url":"https://github.com/axios/axios/pull/7369","reference_id":"7369","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/pull/7369"},{"reference_url":"https://github.com/axios/axios/pull/7388","reference_id":"7388","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/pull/7388"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25639","reference_id":"CVE-2026-25639","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25639"},{"reference_url":"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e","reference_id":"d7ff1409c68168d3057fc3891f911b2b92616f9e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"h
ttps://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"},{"reference_url":"https://github.com/advisories/GHSA-43fc-jf86-j433","reference_id":"GHSA-43fc-jf86-j433","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43fc-jf86-j433"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433","reference_id":"GHSA-43fc-jf86-j433","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11414","reference_id":"RHSA-2026:11414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHS
A-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3087","reference_id":"RHSA-2026:3087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3105","reference_id":"RHSA-2026:3105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3106","reference_id":"RHSA-2026:3106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3107","reference_id":"RHSA-2026:3107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3109","reference_id":"RHSA-2026:3109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5142","reference_id":"RHSA-2026:5142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5174","reference_id":"RHSA-2026:5174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5174"},{"reference_url"
:"https://access.redhat.com/errata/RHSA-2026:5633","reference_id":"RHSA-2026:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5636","reference_id":"RHSA-2026:5636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6170","reference_id":"RHSA-2026:6170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6174","reference_id":"RHSA-2026:6174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6192","reference_id":"RHSA-2026:6192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6277","reference_id":"RHSA-2026:6277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6308","reference_id":"RHSA-2026:6308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6309","reference_id":"RHSA-2026:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6404","reference_id":"RHSA-2026:6404","reference_type":"","scores":[],"url"
:"https://access.redhat.com/errata/RHSA-2026:6404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6428","reference_id":"RHSA-2026:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6802","reference_id":"RHSA-2026:6802","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7249","reference_id":"RHSA-2026:7249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8218","reference_id":"RHSA-2026:8218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8229","reference_id":"RHSA-2026:8229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8499","reference_id":"RHSA-2026:8499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8500","reference_id":"RHSA-2026:8500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8501","
reference_id":"RHSA-2026:8501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9848","reference_id":"RHSA-2026:9848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9848"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.30.3","reference_id":"v0.30.3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.30.3"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.13.5","reference_id":"v1.13.5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.13.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38958?format=json","purl":"pkg:npm/axios@1.13.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rmd-rsjh-27hf"},{"vulnerability":"VCID-47b2-yz73-8ffw"},{"vulnerability":"VCID-4n9q-ca4t-nkh5"},{"vulnerability":"VCID-5mmh-tc9h-gkcu"},{"vulnerability":"VCID-6a8h-2wvu-g7en"},{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-92q4-fhsk-5bd9"},{"vulnerability":"VCID-a346-zp6f-d7f7"},{"vulnerability":"VCID-ef6h-8mvv-tqgb"},{"vulnerability":"VCID-f821-yte2-pkbj"},{"vulnerability":"VCID-h2m2-qvbh-47hy"},{"vulnerability":"VCID-qxwf-qv1y-n7aq"},{"vulnerability":"VCID-s4uw-vmgd-jkd5"},{"vulnerabilit
y":"VCID-zdx2-huy6-sqce"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5"}],"aliases":["CVE-2026-25639","GHSA-43fc-jf86-j433"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpp8-3u2p-8qfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70458?format=json","vulnerability_id":"VCID-qxwf-qv1y-n7aq","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https transport path). Oversized streamed uploads are sent fully even when the caller sets strict body limits. This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42034","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26529","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios
/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42034","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461623","reference_id":"2461623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461623"},{"reference_url":"https://github.com/advisories/GHSA-5c9x-8gcm-mpgx","reference_id":"GHSA-5c9x-8gcm-mpgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c9x-8gcm-mpgx"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx","reference_id":"GHSA-5c9x-8gcm-mpgx","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:12:43Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["
CVE-2026-42034","GHSA-5c9x-8gcm-mpgx"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwf-qv1y-n7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70509?format=json","vulnerability_id":"VCID-s4uw-vmgd-jkd5","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining access to request credentials, headers, and body. The precondition is prototype pollution from a separate source in the same process. This vulnerability is fixed in 1.15.1 and 0.31.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42033","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1869","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42033","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461607","reference_id":"2461607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461607"},{"reference_url":"https://github.com/advisories/GHSA-pf86-5x62-jrwf","reference_id":"GHSA-pf86-5x62-jrwf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf86-5x62-jrwf"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf","reference_id":"GHSA-pf86-5x62-jrwf","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:28:14Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[]
,"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://acces
s.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"",
"scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24536","reference_id":"RHSA-2026:24536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24539","reference_id":"RHSA-2026:24539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25089","reference_id":"RHSA-2026:25089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25271","reference_id":"RHSA-2026:25271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25273","reference_id":"RHSA-2026:25273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42033","GHSA-pf86-5x62-jrwf"],"risk_score":
3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4uw-vmgd-jkd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28637?format=json","vulnerability_id":"VCID-zdx2-huy6-sqce","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42039","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09435","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/85132ffba1a77609ea5d101c8a413dea7174932f","r
eference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/85132ffba1a77609ea5d101c8a413dea7174932f"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/releases/tag/v1.15.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42039","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461630","reference_id":"2461630","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461630"},{"reference_url":"https://github.com/advisories/GHSA-62hf-57xw-28j9","reference_id":"GHSA-62hf-57xw-28j9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cv
ssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-62hf-57xw-28j9"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9","reference_id":"GHSA-62hf-57xw-28j9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:14:11Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_u
rl":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","r
eference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24473","reference_id":"RHSA-2026:24473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24536","reference_id":"RHSA-2026:24536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24539","reference_id":"RHSA-2026:24539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"
reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25041","reference_id":"RHSA-2026:25041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25089","reference_id":"RHSA-2026:25089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25271","reference_id":"RHSA-2026:25271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25273","reference_id":"RHSA-2026:25273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375411?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42039","GHSA-62hf-57xw-28j9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdx2-huy6-sqce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28655?format=json","vulnerability_id":"VCID-zgv9-294d-kqfx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42264","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09283","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?na
me=CVE-2026-42264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42264"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42264","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42264"},{"reference_url":"https://github.com/axios/axios/pull/10779","reference_id":"10779","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/"}],"url":"https://github.com/axios/axios/pull/10779"},{"reference_url":"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa","reference_id":"47915144662f2733e6c051bdcb895a8c8f0586aa","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Tr
ack*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/"}],"url":"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"},{"reference_url":"https://github.com/advisories/GHSA-q8qp-cvcw-x6jj","reference_id":"GHSA-q8qp-cvcw-x6jj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8qp-cvcw-x6jj"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj","reference_id":"GHSA-q8qp-cvcw-x6jj","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.2","reference_id":"v1.15.2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-08T14:10:24Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.15.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41713?format=json","purl":"pkg:npm/axios@1.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8vwd-zh7x-d3dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.2"}],"aliases":["CVE-2026-42264","GHSA-q8qp-cvcw-x6jj"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"
http://public2.vulnerablecode.io/vulnerabilities/VCID-zgv9-294d-kqfx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19761?format=json","vulnerability_id":"VCID-ydef-vukd-8qhf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39338.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39338.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39338","reference_id":"","reference_type":"","scores":[{"value":"0.02141","scoring_system":"epss","scoring_elements":"0.84585","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39338"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a"},{"reference_url":"https://github.com/axios/axios/pull/6539","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/6539"},{"reference_url":"https://github.com/axios/
axios/pull/6543","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/6543"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.7.4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/releases/tag/v1.7.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078878","reference_id":"1078878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304369","reference_id":"2304369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304369"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39338","reference_id":"CVE-2024-39338","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39338"},{"reference_url":"https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html","reference_id":"CVE-2024-39338.html","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T19:24:57Z/"}],"url":"https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"},{"reference_url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj","reference_id":"GHSA-8hc4-vh64-cxmj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hc4-vh64-cxmj"},{"reference_url":"https://github.com/axios/axios/releases","reference_id":"releases","reference_type":"","scores":
[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T19:24:57Z/"}],"url":"https://github.com/axios/axios/releases"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6209","reference_id":"RHSA-2024:6209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6210","reference_id":"RHSA-2024:6210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6211","reference_id":"RHSA-2024:6211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6667","reference_id":"RHSA-2024:6667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7164","reference_id":"RHSA-2024:7164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8014","reference_id":"RHSA-2024:8014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8023","reference_id":"RHSA-2024:8023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8981","reference_id":"RHSA-2024:8981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1249","reference_id":"RHSA-2025:1249","reference_type":"","scores":[],"url":"https
://access.redhat.com/errata/RHSA-2025:1249"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32968?format=json","purl":"pkg:npm/axios@1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rmd-rsjh-27hf"},{"vulnerability":"VCID-47b2-yz73-8ffw"},{"vulnerability":"VCID-4n9q-ca4t-nkh5"},{"vulnerability":"VCID-5mmh-tc9h-gkcu"},{"vulnerability":"VCID-6a8h-2wvu-g7en"},{"vulnerability":"VCID-6b7c-jgtj-63eu"},{"vulnerability":"VCID-7mzn-tmtx-q7dh"},{"vulnerability":"VCID-92q4-fhsk-5bd9"},{"vulnerability":"VCID-a346-zp6f-d7f7"},{"vulnerability":"VCID-ef6h-8mvv-tqgb"},{"vulnerability":"VCID-f821-yte2-pkbj"},{"vulnerability":"VCID-g4m2-6ftk-bbaa"},{"vulnerability":"VCID-h2m2-qvbh-47hy"},{"vulnerability":"VCID-jpp8-3u2p-8qfn"},{"vulnerability":"VCID-qxwf-qv1y-n7aq"},{"vulnerability":"VCID-s4uw-vmgd-jkd5"},{"vulnerability":"VCID-zdx2-huy6-sqce"},{"vulnerability":"VCID-zgv9-294d-kqfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.7.4"}],"aliases":["CVE-2024-39338","GHSA-8hc4-vh64-cxmj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydef-vukd-8qhf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.7.4"}