Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/axios@0.25.0

Type npm

Namespace

Name axios

Version 0.25.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.32.0

Latest_non_vulnerable_version 1.16.0

Affected_by_vulnerabilities

url VCID-37kj-pzyt-8be6

vulnerability_id VCID-37kj-pzyt-8be6

summary

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
The `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25639

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13954
published_at	2026-06-06T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1395
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25639

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57

reference_url

https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e

reference_url

https://github.com/axios/axios/pull/7369

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/pull/7369

reference_url

https://github.com/axios/axios/pull/7388

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/pull/7388

reference_url

https://github.com/axios/axios/releases/tag/v0.30.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/releases/tag/v0.30.3

reference_url

https://github.com/axios/axios/releases/tag/v1.13.5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/releases/tag/v1.13.5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907
reference_id	1127907
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2438237
reference_id	2438237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2438237

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25639

reference_id

CVE-2026-25639

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25639

reference_url

https://github.com/advisories/GHSA-43fc-jf86-j433

reference_id

GHSA-43fc-jf86-j433

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-43fc-jf86-j433

reference_url

https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433

reference_id

GHSA-43fc-jf86-j433

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/

url

https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433

reference_url	https://access.redhat.com/errata/RHSA-2026:10184
reference_id	RHSA-2026:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10184

reference_url	https://access.redhat.com/errata/RHSA-2026:11414
reference_id	RHSA-2026:11414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11414

reference_url	https://access.redhat.com/errata/RHSA-2026:13542
reference_id	RHSA-2026:13542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13542

reference_url	https://access.redhat.com/errata/RHSA-2026:13548
reference_id	RHSA-2026:13548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13548

reference_url	https://access.redhat.com/errata/RHSA-2026:19712
reference_id	RHSA-2026:19712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19712

reference_url	https://access.redhat.com/errata/RHSA-2026:2694
reference_id	RHSA-2026:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2694

reference_url	https://access.redhat.com/errata/RHSA-2026:3087
reference_id	RHSA-2026:3087
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3087

reference_url	https://access.redhat.com/errata/RHSA-2026:3105
reference_id	RHSA-2026:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3105

reference_url	https://access.redhat.com/errata/RHSA-2026:3106
reference_id	RHSA-2026:3106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3106

reference_url	https://access.redhat.com/errata/RHSA-2026:3107
reference_id	RHSA-2026:3107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3107

reference_url	https://access.redhat.com/errata/RHSA-2026:3109
reference_id	RHSA-2026:3109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3109

reference_url	https://access.redhat.com/errata/RHSA-2026:4942
reference_id	RHSA-2026:4942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4942

reference_url	https://access.redhat.com/errata/RHSA-2026:5142
reference_id	RHSA-2026:5142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5142

reference_url	https://access.redhat.com/errata/RHSA-2026:5168
reference_id	RHSA-2026:5168
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5168

reference_url	https://access.redhat.com/errata/RHSA-2026:5174
reference_id	RHSA-2026:5174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5174

reference_url	https://access.redhat.com/errata/RHSA-2026:5633
reference_id	RHSA-2026:5633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5633

reference_url	https://access.redhat.com/errata/RHSA-2026:5636
reference_id	RHSA-2026:5636
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5636

reference_url	https://access.redhat.com/errata/RHSA-2026:5665
reference_id	RHSA-2026:5665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5665

reference_url	https://access.redhat.com/errata/RHSA-2026:5807
reference_id	RHSA-2026:5807
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5807

reference_url	https://access.redhat.com/errata/RHSA-2026:6170
reference_id	RHSA-2026:6170
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6170

reference_url	https://access.redhat.com/errata/RHSA-2026:6174
reference_id	RHSA-2026:6174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6174

reference_url	https://access.redhat.com/errata/RHSA-2026:6192
reference_id	RHSA-2026:6192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6192

reference_url	https://access.redhat.com/errata/RHSA-2026:6277
reference_id	RHSA-2026:6277
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6277

reference_url	https://access.redhat.com/errata/RHSA-2026:6308
reference_id	RHSA-2026:6308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6308

reference_url	https://access.redhat.com/errata/RHSA-2026:6309
reference_id	RHSA-2026:6309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6309

reference_url	https://access.redhat.com/errata/RHSA-2026:6404
reference_id	RHSA-2026:6404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6404

reference_url	https://access.redhat.com/errata/RHSA-2026:6428
reference_id	RHSA-2026:6428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6428

reference_url	https://access.redhat.com/errata/RHSA-2026:6497
reference_id	RHSA-2026:6497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6497

reference_url	https://access.redhat.com/errata/RHSA-2026:6567
reference_id	RHSA-2026:6567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6567

reference_url	https://access.redhat.com/errata/RHSA-2026:6568
reference_id	RHSA-2026:6568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6568

reference_url	https://access.redhat.com/errata/RHSA-2026:6802
reference_id	RHSA-2026:6802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6802

reference_url	https://access.redhat.com/errata/RHSA-2026:7249
reference_id	RHSA-2026:7249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7249

reference_url	https://access.redhat.com/errata/RHSA-2026:8218
reference_id	RHSA-2026:8218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8218

reference_url	https://access.redhat.com/errata/RHSA-2026:8229
reference_id	RHSA-2026:8229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8229

reference_url	https://access.redhat.com/errata/RHSA-2026:8499
reference_id	RHSA-2026:8499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8499

reference_url	https://access.redhat.com/errata/RHSA-2026:8500
reference_id	RHSA-2026:8500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8500

reference_url	https://access.redhat.com/errata/RHSA-2026:8501
reference_id	RHSA-2026:8501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8501

reference_url	https://access.redhat.com/errata/RHSA-2026:9848
reference_id	RHSA-2026:9848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9848

fixed_packages

url pkg:npm/axios@0.30.3

purl pkg:npm/axios@0.30.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-kwj2-mk8c-4fef

vulnerability	VCID-td7u-cct6-bud6

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.3

url	pkg:npm/axios@1.0.0-alpha.1
purl	pkg:npm/axios@1.0.0-alpha.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1

url pkg:npm/axios@1.13.5

purl pkg:npm/axios@1.13.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-hadc-5d2f-gqe6

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-kwj2-mk8c-4fef

vulnerability	VCID-rusx-pwdw-zqcj

vulnerability	VCID-td7u-cct6-bud6

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5

aliases CVE-2026-25639, GHSA-43fc-jf86-j433

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37kj-pzyt-8be6

url VCID-4b7a-22xk-gbh9

vulnerability_id VCID-4b7a-22xk-gbh9

summary axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42039

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09393
published_at	2026-06-06T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09373
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:14:11Z/

url

https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42039

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42039

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461630
reference_id	2461630
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461630

reference_url	https://github.com/advisories/GHSA-62hf-57xw-28j9
reference_id	GHSA-62hf-57xw-28j9
reference_type
scores
url	https://github.com/advisories/GHSA-62hf-57xw-28j9

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:16476
reference_id	RHSA-2026:16476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16476

reference_url	https://access.redhat.com/errata/RHSA-2026:16532
reference_id	RHSA-2026:16532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16532

reference_url	https://access.redhat.com/errata/RHSA-2026:16534
reference_id	RHSA-2026:16534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16534

reference_url	https://access.redhat.com/errata/RHSA-2026:16535
reference_id	RHSA-2026:16535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16535

reference_url	https://access.redhat.com/errata/RHSA-2026:16542
reference_id	RHSA-2026:16542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16542

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17468
reference_id	RHSA-2026:17468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17468

reference_url	https://access.redhat.com/errata/RHSA-2026:17474
reference_id	RHSA-2026:17474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17474

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19109
reference_id	RHSA-2026:19109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19109

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:20889
reference_id	RHSA-2026:20889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20889

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://access.redhat.com/errata/RHSA-2026:21338
reference_id	RHSA-2026:21338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21338

reference_url	https://access.redhat.com/errata/RHSA-2026:21772
reference_id	RHSA-2026:21772
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21772

reference_url	https://access.redhat.com/errata/RHSA-2026:22465
reference_id	RHSA-2026:22465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22465

reference_url	https://access.redhat.com/errata/RHSA-2026:22619
reference_id	RHSA-2026:22619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22619

reference_url	https://access.redhat.com/errata/RHSA-2026:22629
reference_id	RHSA-2026:22629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22629

reference_url	https://access.redhat.com/errata/RHSA-2026:22840
reference_id	RHSA-2026:22840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22840

reference_url	https://access.redhat.com/errata/RHSA-2026:23361
reference_id	RHSA-2026:23361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23361

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42039, GHSA-62hf-57xw-28j9

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b7a-22xk-gbh9

url VCID-5kg1-k416-dfc1

vulnerability_id VCID-5kg1-k416-dfc1

summary

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
# Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

## Summary

The `encode()` function in `lib/helpers/AxiosURLSearchParams.js` contains a character mapping (`charMap`) at line 21 that **reverses** the safe percent-encoding of null bytes. After `encodeURIComponent('\x00')` correctly produces the safe sequence `%00`, the charMap entry `'%00': '\x00'` converts it back to a raw null byte.

This is a clear encoding defect: every other charMap entry encodes in the safe direction (literal → percent-encoded), while this single entry decodes in the opposite (dangerous) direction.

**Severity:** Low (CVSS 3.7)
**Affected Versions:** All versions containing this charMap entry
**Vulnerable Component:** `lib/helpers/AxiosURLSearchParams.js:21`

## CWE

- **CWE-626:** Null Byte Interaction Error (Poison Null Byte)
- **CWE-116:** Improper Encoding or Escaping of Output

## CVSS 3.1

**Score: 3.7 (Low)**

Vector: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N`

| Metric | Value | Justification |
|---|---|---|
| Attack Vector | Network | Attacker controls input parameters remotely |
| Attack Complexity | High | Standard axios request flow (`buildURL`) uses its own `encode` function which does NOT have this bug. Only triggered via direct `AxiosURLSearchParams.toString()` without an encoder, or via custom `paramsSerializer` delegation |
| Privileges Required | None | No authentication needed |
| User Interaction | None | No user interaction required |
| Scope | Unchanged | Impact limited to HTTP request URL |
| Confidentiality | None | No confidentiality impact |
| Integrity | Low | Null byte in URL can cause truncation in C-based backends, but requires a vulnerable downstream parser |
| Availability | None | No availability impact |

## Vulnerable Code

**File:** `lib/helpers/AxiosURLSearchParams.js`, lines 13-26

```javascript
function encode(str) {
  const charMap = {
    '!': '%21',     // literal → encoded (SAFE direction)
    "'": '%27',     // literal → encoded (SAFE direction)
    '(': '%28',     // literal → encoded (SAFE direction)
    ')': '%29',     // literal → encoded (SAFE direction)
    '~': '%7E',     // literal → encoded (SAFE direction)
    '%20': '+',     // standard transformation (SAFE)
    '%00': '\x00',  // LINE 21: encoded → raw null byte (UNSAFE direction!)
  };
  return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) {
    return charMap[match];
  });
}
```

### Why the Standard Flow Is NOT Affected

```javascript
// buildURL.js:36 — uses its OWN encode function (lines 14-20), not AxiosURLSearchParams's
const _encode = (options && options.encode) || encode;  // buildURL's encode

// buildURL.js:53 — passes buildURL's encode to AxiosURLSearchParams
new AxiosURLSearchParams(params, _options).toString(_encode);  // external encoder used

// AxiosURLSearchParams.js:48 — when encoder is provided, internal encode is NOT used
const _encode = encoder ? function(value) { return encoder.call(this, value, encode); } : encode;
//                                                                              ^^^^^^
//                                           internal encode passed as 2nd arg but only used if
//                                           the external encoder explicitly delegates to it
```

## Proof of Concept

```javascript
import AxiosURLSearchParams from './lib/helpers/AxiosURLSearchParams.js';
import buildURL from './lib/helpers/buildURL.js';

// Test 1: Direct AxiosURLSearchParams (VULNERABLE path)
const params = new AxiosURLSearchParams({ file: 'test\x00.txt' });
const result = params.toString();  // NO encoder → uses internal encode with charMap
console.log('Direct toString():', JSON.stringify(result));
// Output: "file=test\u0000.txt" (contains raw null byte)
console.log('Hex:', Buffer.from(result).toString('hex'));
// Output: 66696c653d74657374002e747874  (00 = null byte)

// Test 2: Via buildURL (NOT vulnerable — standard axios flow)
const url = buildURL('http://example.com/api', { file: 'test\x00.txt' });
console.log('Via buildURL:', url);
// Output: http://example.com/api?file=test%00.txt  (%00 preserved safely)
```

## Verified PoC Output

```
Direct toString(): "file=test\u0000.txt"
Contains raw null byte: true
Hex: 66696c653d74657374002e747874

Via buildURL: http://example.com/api?file=test%00.txt
Contains raw null byte: false
Contains safe %00: true
```

## Impact Analysis

**Primary impact is limited** because the standard axios request flow is not affected. However:

- **Direct API users:** Applications using `AxiosURLSearchParams` directly for custom serialization are affected
- **Custom paramsSerializer:** A `paramsSerializer.encode` that delegates to the internal encoder triggers the bug
- **Code defect signal:** The directional inconsistency in charMap is a clear coding error with no legitimate use case

If null bytes reach a downstream C-based parser, impacts include URL truncation, WAF bypass, and log injection.

## Recommended Fix

Remove the `%00` entry from charMap and update the regex:

```javascript
function encode(str) {
  const charMap = {
    '!': '%21',
    "'": '%27',
    '(': '%28',
    ')': '%29',
    '~': '%7E',
    '%20': '+',
    // REMOVED: '%00': '\x00'
  };
  return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) {
    //                                           ^^^^ removed |%00
    return charMap[match];
  });
}
```

## Resources

- [CWE-626: Null Byte Interaction Error](https://cwe.mitre.org/data/definitions/626.html)
- [CWE-116: Improper Encoding or Escaping of Output](https://cwe.mitre.org/data/definitions/116.html)
- [OWASP: Embedding Null Code](https://owasp.org/www-community/attacks/Embedding_Null_Code)
- [Axios GitHub Repository](https://github.com/axios/axios)

## Timeline

| Date | Event |
|---|---|
| 2026-04-15 | Vulnerability discovered during source code audit |
| 2026-04-16 | Report revised: documented standard-flow limitation, corrected CVSS |
| TBD | Report submitted to vendor via GitHub Security Advisory |

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42040

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24299
published_at	2026-06-05T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24281
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:48:02Z/

url

https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42040

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42040

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://github.com/advisories/GHSA-xhjh-pmcv-23jw
reference_id	GHSA-xhjh-pmcv-23jw
reference_type
scores
url	https://github.com/advisories/GHSA-xhjh-pmcv-23jw

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42040, GHSA-xhjh-pmcv-23jw

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kg1-k416-dfc1

url VCID-6ru1-uamj-5ud3

vulnerability_id VCID-6ru1-uamj-5ud3

summary axios: Axios: HTTP Transport Hijacking via Prototype Pollution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42033

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18711
published_at	2026-06-06T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18708
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42033

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:28:14Z/

url

https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42033

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42033

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461607
reference_id	2461607
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461607

reference_url	https://github.com/advisories/GHSA-pf86-5x62-jrwf
reference_id	GHSA-pf86-5x62-jrwf
reference_type
scores
url	https://github.com/advisories/GHSA-pf86-5x62-jrwf

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:16476
reference_id	RHSA-2026:16476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16476

reference_url	https://access.redhat.com/errata/RHSA-2026:16532
reference_id	RHSA-2026:16532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16532

reference_url	https://access.redhat.com/errata/RHSA-2026:16534
reference_id	RHSA-2026:16534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16534

reference_url	https://access.redhat.com/errata/RHSA-2026:16535
reference_id	RHSA-2026:16535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16535

reference_url	https://access.redhat.com/errata/RHSA-2026:16542
reference_id	RHSA-2026:16542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16542

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17468
reference_id	RHSA-2026:17468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17468

reference_url	https://access.redhat.com/errata/RHSA-2026:17474
reference_id	RHSA-2026:17474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17474

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19109
reference_id	RHSA-2026:19109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19109

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:20889
reference_id	RHSA-2026:20889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20889

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://access.redhat.com/errata/RHSA-2026:21338
reference_id	RHSA-2026:21338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21338

reference_url	https://access.redhat.com/errata/RHSA-2026:21772
reference_id	RHSA-2026:21772
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21772

reference_url	https://access.redhat.com/errata/RHSA-2026:22465
reference_id	RHSA-2026:22465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22465

reference_url	https://access.redhat.com/errata/RHSA-2026:22619
reference_id	RHSA-2026:22619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22619

reference_url	https://access.redhat.com/errata/RHSA-2026:22629
reference_id	RHSA-2026:22629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22629

reference_url	https://access.redhat.com/errata/RHSA-2026:22840
reference_id	RHSA-2026:22840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22840

reference_url	https://access.redhat.com/errata/RHSA-2026:23361
reference_id	RHSA-2026:23361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23361

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42033, GHSA-pf86-5x62-jrwf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ru1-uamj-5ud3

url VCID-aqa5-vr2y-33cw

vulnerability_id VCID-aqa5-vr2y-33cw

summary

Axios Cross-Site Request Forgery Vulnerability
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45857

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39266
published_at	2026-06-06T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3926
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967

reference_url

https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0

reference_url

https://github.com/axios/axios/issues/6006

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/

url

https://github.com/axios/axios/issues/6006

reference_url

https://github.com/axios/axios/issues/6022

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/issues/6022

reference_url

https://github.com/axios/axios/pull/6028

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/pull/6028

reference_url

https://github.com/axios/axios/pull/6091

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/pull/6091

reference_url

https://github.com/axios/axios/releases/tag/v0.28.0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/releases/tag/v0.28.0

reference_url

https://github.com/axios/axios/releases/tag/v1.6.0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/releases/tag/v1.6.0

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099
reference_id	1056099
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2248979
reference_id	2248979
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2248979

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45857

reference_id

CVE-2023-45857

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45857

reference_url	https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
reference_id	GHSA-wf5p-g6vw-rhxx
reference_type
scores
url	https://github.com/advisories/GHSA-wf5p-g6vw-rhxx

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006/

reference_id

ntap-20240621-0006

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/

url

https://security.netapp.com/advisory/ntap-20240621-0006/

reference_url	https://access.redhat.com/errata/RHSA-2024:1925
reference_id	RHSA-2024:1925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1925

reference_url	https://access.redhat.com/errata/RHSA-2024:3314
reference_id	RHSA-2024:3314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3314

reference_url	https://access.redhat.com/errata/RHSA-2024:3316
reference_id	RHSA-2024:3316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3316

reference_url	https://access.redhat.com/errata/RHSA-2024:3473
reference_id	RHSA-2024:3473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3473

reference_url	https://access.redhat.com/errata/RHSA-2024:3920
reference_id	RHSA-2024:3920
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3920

reference_url	https://access.redhat.com/errata/RHSA-2024:4269
reference_id	RHSA-2024:4269
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4269

reference_url	https://access.redhat.com/errata/RHSA-2024:4455
reference_id	RHSA-2024:4455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4455

reference_url	https://access.redhat.com/errata/RHSA-2024:5314
reference_id	RHSA-2024:5314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5314

reference_url	https://access.redhat.com/errata/RHSA-2025:2876
reference_id	RHSA-2025:2876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2876

fixed_packages

url pkg:npm/axios@0.28.0

purl pkg:npm/axios@0.28.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37kj-pzyt-8be6

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-axy8-kmka-pugw

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-kwj2-mk8c-4fef

vulnerability	VCID-td7u-cct6-bud6

vulnerability	VCID-vq2d-yv43-57b6

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.28.0

url	pkg:npm/axios@1.0.0-alpha.1
purl	pkg:npm/axios@1.0.0-alpha.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1

url pkg:npm/axios@1.6.0

purl pkg:npm/axios@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37kj-pzyt-8be6

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-axy8-kmka-pugw

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-h5yg-64cq-ekaa

vulnerability	VCID-hadc-5d2f-gqe6

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-kwj2-mk8c-4fef

vulnerability	VCID-rusx-pwdw-zqcj

vulnerability	VCID-td7u-cct6-bud6

vulnerability	VCID-vq2d-yv43-57b6

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.6.0

aliases CVE-2023-45857, GHSA-wf5p-g6vw-rhxx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqa5-vr2y-33cw

url VCID-gp41-4j8d-37ce

vulnerability_id VCID-gp41-4j8d-37ce

summary axios: Axios: Information disclosure due to `no_proxy` bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42038

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24185
published_at	2026-06-06T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24203
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:46:29Z/

url

https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42038

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42038

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461634
reference_id	2461634
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461634

reference_url	https://github.com/advisories/GHSA-m7pr-hjqh-92cm
reference_id	GHSA-m7pr-hjqh-92cm
reference_type
scores
url	https://github.com/advisories/GHSA-m7pr-hjqh-92cm

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42038, GHSA-m7pr-hjqh-92cm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gp41-4j8d-37ce

url VCID-jvs6-8bva-nqb3

vulnerability_id VCID-jvs6-8bva-nqb3

summary axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42036

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09393
published_at	2026-06-06T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09373
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:30:17Z/

url

https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42036

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42036

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461633
reference_id	2461633
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461633

reference_url	https://github.com/advisories/GHSA-vf2m-468p-8v99
reference_id	GHSA-vf2m-468p-8v99
reference_type
scores
url	https://github.com/advisories/GHSA-vf2m-468p-8v99

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42036, GHSA-vf2m-468p-8v99

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvs6-8bva-nqb3

url VCID-kwj2-mk8c-4fef

vulnerability_id VCID-kwj2-mk8c-4fef

summary axios: Axios: Remote Code Execution via Prototype Pollution escalation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40175

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19878
published_at	2026-06-06T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19885
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40175

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-876049.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-876049.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c

reference_url

https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1

reference_url

https://github.com/axios/axios/pull/10660

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/pull/10660

reference_url

https://github.com/axios/axios/pull/10660#issuecomment-4224168081

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/pull/10660#issuecomment-4224168081

reference_url

https://github.com/axios/axios/pull/10688

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/pull/10688

reference_url

https://github.com/axios/axios/releases/tag/v0.31.0

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/releases/tag/v0.31.0

reference_url

https://github.com/axios/axios/releases/tag/v1.15.0

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/releases/tag/v1.15.0

reference_url

https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/

url

https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40175

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40175

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457432
reference_id	2457432
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457432

reference_url	https://access.redhat.com/errata/RHSA-2026:10104
reference_id	RHSA-2026:10104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10104

reference_url	https://access.redhat.com/errata/RHSA-2026:10153
reference_id	RHSA-2026:10153
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10153

reference_url	https://access.redhat.com/errata/RHSA-2026:10172
reference_id	RHSA-2026:10172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10172

reference_url	https://access.redhat.com/errata/RHSA-2026:10175
reference_id	RHSA-2026:10175
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10175

reference_url	https://access.redhat.com/errata/RHSA-2026:11414
reference_id	RHSA-2026:11414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:11414

reference_url	https://access.redhat.com/errata/RHSA-2026:13542
reference_id	RHSA-2026:13542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13542

reference_url	https://access.redhat.com/errata/RHSA-2026:13548
reference_id	RHSA-2026:13548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13548

reference_url	https://access.redhat.com/errata/RHSA-2026:13571
reference_id	RHSA-2026:13571
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13571

reference_url	https://access.redhat.com/errata/RHSA-2026:13826
reference_id	RHSA-2026:13826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13826

reference_url	https://access.redhat.com/errata/RHSA-2026:14774
reference_id	RHSA-2026:14774
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14774

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:15091
reference_id	RHSA-2026:15091
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:15091

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17468
reference_id	RHSA-2026:17468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17468

reference_url	https://access.redhat.com/errata/RHSA-2026:17474
reference_id	RHSA-2026:17474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17474

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19712
reference_id	RHSA-2026:19712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19712

reference_url	https://access.redhat.com/errata/RHSA-2026:20041
reference_id	RHSA-2026:20041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20041

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:8483
reference_id	RHSA-2026:8483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8483

reference_url	https://access.redhat.com/errata/RHSA-2026:8484
reference_id	RHSA-2026:8484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8484

reference_url	https://access.redhat.com/errata/RHSA-2026:8490
reference_id	RHSA-2026:8490
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8490

reference_url	https://access.redhat.com/errata/RHSA-2026:8491
reference_id	RHSA-2026:8491
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8491

reference_url	https://access.redhat.com/errata/RHSA-2026:8493
reference_id	RHSA-2026:8493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8493

reference_url	https://access.redhat.com/errata/RHSA-2026:8499
reference_id	RHSA-2026:8499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8499

reference_url	https://access.redhat.com/errata/RHSA-2026:8500
reference_id	RHSA-2026:8500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8500

reference_url	https://access.redhat.com/errata/RHSA-2026:8501
reference_id	RHSA-2026:8501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8501

reference_url	https://access.redhat.com/errata/RHSA-2026:9742
reference_id	RHSA-2026:9742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9742

fixed_packages

url pkg:npm/axios@0.31.0

purl pkg:npm/axios@0.31.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.0

url	pkg:npm/axios@1.0.0-alpha.1
purl	pkg:npm/axios@1.0.0-alpha.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1

url pkg:npm/axios@1.15.0

purl pkg:npm/axios@1.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-hadc-5d2f-gqe6

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-rusx-pwdw-zqcj

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0

aliases CVE-2026-40175, GHSA-fvcv-3m26-pcqx

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwj2-mk8c-4fef

url VCID-td7u-cct6-bud6

vulnerability_id VCID-td7u-cct6-bud6

summary axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62718

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21334
published_at	2026-06-06T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21348
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718

reference_url

https://datatracker.ietf.org/doc/html/rfc1034#section-3.1

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://datatracker.ietf.org/doc/html/rfc1034#section-3.1

reference_url

https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c

reference_url

https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df

reference_url

https://github.com/axios/axios/pull/10661

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/pull/10661

reference_url

https://github.com/axios/axios/pull/10688

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/pull/10688

reference_url

https://github.com/axios/axios/releases/tag/v0.31.0

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/releases/tag/v0.31.0

reference_url

https://github.com/axios/axios/releases/tag/v1.15.0

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/releases/tag/v1.15.0

reference_url

https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/

url

https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62718

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456913
reference_id	2456913
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456913

reference_url	https://github.com/advisories/GHSA-3p68-rc4w-qgx5
reference_id	GHSA-3p68-rc4w-qgx5
reference_type
scores
url	https://github.com/advisories/GHSA-3p68-rc4w-qgx5

reference_url	https://access.redhat.com/errata/RHSA-2026:10175
reference_id	RHSA-2026:10175
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10175

reference_url	https://access.redhat.com/errata/RHSA-2026:13571
reference_id	RHSA-2026:13571
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13571

reference_url	https://access.redhat.com/errata/RHSA-2026:13826
reference_id	RHSA-2026:13826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13826

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:19712
reference_id	RHSA-2026:19712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19712

reference_url	https://access.redhat.com/errata/RHSA-2026:20889
reference_id	RHSA-2026:20889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20889

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://access.redhat.com/errata/RHSA-2026:22465
reference_id	RHSA-2026:22465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22465

reference_url	https://access.redhat.com/errata/RHSA-2026:22629
reference_id	RHSA-2026:22629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22629

reference_url	https://access.redhat.com/errata/RHSA-2026:22840
reference_id	RHSA-2026:22840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22840

reference_url	https://access.redhat.com/errata/RHSA-2026:23361
reference_id	RHSA-2026:23361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23361

reference_url	https://access.redhat.com/errata/RHSA-2026:8483
reference_id	RHSA-2026:8483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8483

reference_url	https://access.redhat.com/errata/RHSA-2026:8484
reference_id	RHSA-2026:8484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8484

reference_url	https://access.redhat.com/errata/RHSA-2026:8490
reference_id	RHSA-2026:8490
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8490

reference_url	https://access.redhat.com/errata/RHSA-2026:8491
reference_id	RHSA-2026:8491
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8491

reference_url	https://access.redhat.com/errata/RHSA-2026:8493
reference_id	RHSA-2026:8493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8493

reference_url	https://access.redhat.com/errata/RHSA-2026:9742
reference_id	RHSA-2026:9742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9742

fixed_packages

url pkg:npm/axios@0.31.0

purl pkg:npm/axios@0.31.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.0

url	pkg:npm/axios@1.0.0-alpha.1
purl	pkg:npm/axios@1.0.0-alpha.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1

url pkg:npm/axios@1.15.0

purl pkg:npm/axios@1.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-hadc-5d2f-gqe6

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-rusx-pwdw-zqcj

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0

aliases CVE-2025-62718, GHSA-3p68-rc4w-qgx5

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-td7u-cct6-bud6

url VCID-vq2d-yv43-57b6

vulnerability_id VCID-vq2d-yv43-57b6

summary

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27152

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43838
published_at	2026-06-06T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43829
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde

reference_url

https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f

reference_url

https://github.com/axios/axios/issues/6463

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/

url

https://github.com/axios/axios/issues/6463

reference_url

https://github.com/axios/axios/pull/6829

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/pull/6829

reference_url

https://github.com/axios/axios/releases/tag/v1.8.2

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios/releases/tag/v1.8.2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223
reference_id	1102223
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2350618
reference_id	2350618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2350618

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-27152

reference_id

CVE-2025-27152

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-27152

reference_url	https://github.com/advisories/GHSA-jr5f-v2jv-69x6
reference_id	GHSA-jr5f-v2jv-69x6
reference_type
scores
url	https://github.com/advisories/GHSA-jr5f-v2jv-69x6

reference_url

https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6

reference_id

GHSA-jr5f-v2jv-69x6

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/

url

https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6

fixed_packages

url pkg:npm/axios@0.30.0

purl pkg:npm/axios@0.30.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37kj-pzyt-8be6

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-axy8-kmka-pugw

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-kwj2-mk8c-4fef

vulnerability	VCID-td7u-cct6-bud6

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.0

url	pkg:npm/axios@1.0.0-alpha.1
purl	pkg:npm/axios@1.0.0-alpha.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1

url pkg:npm/axios@1.8.2

purl pkg:npm/axios@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37kj-pzyt-8be6

vulnerability	VCID-4b7a-22xk-gbh9

vulnerability	VCID-5kg1-k416-dfc1

vulnerability	VCID-6ru1-uamj-5ud3

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-axy8-kmka-pugw

vulnerability	VCID-gp41-4j8d-37ce

vulnerability	VCID-hadc-5d2f-gqe6

vulnerability	VCID-jvs6-8bva-nqb3

vulnerability	VCID-kwj2-mk8c-4fef

vulnerability	VCID-rusx-pwdw-zqcj

vulnerability	VCID-td7u-cct6-bud6

vulnerability	VCID-vzqt-dj1z-bqa6

vulnerability	VCID-xdas-dhtb-nuge

vulnerability	VCID-xg1x-4spz-jucn

vulnerability	VCID-yu5y-e4bk-zyfp

vulnerability	VCID-z5pf-pqcd-ckas

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.8.2

aliases CVE-2025-27152, GHSA-jr5f-v2jv-69x6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2d-yv43-57b6

url VCID-vzqt-dj1z-bqa6

vulnerability_id VCID-vzqt-dj1z-bqa6

summary axios: Axios: Arbitrary HTTP header injection via prototype pollution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42035

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.15185
published_at	2026-06-06T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.15195
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:07:43Z/

url

https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42035

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42035

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461606
reference_id	2461606
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461606

reference_url	https://github.com/advisories/GHSA-6chq-wfr3-2hj9
reference_id	GHSA-6chq-wfr3-2hj9
reference_type
scores
url	https://github.com/advisories/GHSA-6chq-wfr3-2hj9

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:16476
reference_id	RHSA-2026:16476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16476

reference_url	https://access.redhat.com/errata/RHSA-2026:16532
reference_id	RHSA-2026:16532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16532

reference_url	https://access.redhat.com/errata/RHSA-2026:16534
reference_id	RHSA-2026:16534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16534

reference_url	https://access.redhat.com/errata/RHSA-2026:16535
reference_id	RHSA-2026:16535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16535

reference_url	https://access.redhat.com/errata/RHSA-2026:16542
reference_id	RHSA-2026:16542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16542

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17468
reference_id	RHSA-2026:17468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17468

reference_url	https://access.redhat.com/errata/RHSA-2026:17474
reference_id	RHSA-2026:17474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17474

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19109
reference_id	RHSA-2026:19109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19109

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:20889
reference_id	RHSA-2026:20889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20889

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://access.redhat.com/errata/RHSA-2026:21338
reference_id	RHSA-2026:21338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21338

reference_url	https://access.redhat.com/errata/RHSA-2026:21772
reference_id	RHSA-2026:21772
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21772

reference_url	https://access.redhat.com/errata/RHSA-2026:22465
reference_id	RHSA-2026:22465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22465

reference_url	https://access.redhat.com/errata/RHSA-2026:22629
reference_id	RHSA-2026:22629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22629

reference_url	https://access.redhat.com/errata/RHSA-2026:22840
reference_id	RHSA-2026:22840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22840

reference_url	https://access.redhat.com/errata/RHSA-2026:23361
reference_id	RHSA-2026:23361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23361

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42035, GHSA-6chq-wfr3-2hj9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzqt-dj1z-bqa6

url VCID-xdas-dhtb-nuge

vulnerability_id VCID-xdas-dhtb-nuge

summary axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42041

reference_id

reference_type

scores

value	0.00202
scoring_system	epss
scoring_elements	0.42235
published_at	2026-06-06T12:55:00Z

value	0.00202
scoring_system	epss
scoring_elements	0.42224
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42041

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:29:47Z/

url

https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42041

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42041

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461629
reference_id	2461629
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461629

reference_url	https://github.com/advisories/GHSA-w9j2-pvgh-6h63
reference_id	GHSA-w9j2-pvgh-6h63
reference_type
scores
url	https://github.com/advisories/GHSA-w9j2-pvgh-6h63

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:16476
reference_id	RHSA-2026:16476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16476

reference_url	https://access.redhat.com/errata/RHSA-2026:16532
reference_id	RHSA-2026:16532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16532

reference_url	https://access.redhat.com/errata/RHSA-2026:16534
reference_id	RHSA-2026:16534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16534

reference_url	https://access.redhat.com/errata/RHSA-2026:16535
reference_id	RHSA-2026:16535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16535

reference_url	https://access.redhat.com/errata/RHSA-2026:16542
reference_id	RHSA-2026:16542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16542

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17468
reference_id	RHSA-2026:17468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17468

reference_url	https://access.redhat.com/errata/RHSA-2026:17474
reference_id	RHSA-2026:17474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17474

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19109
reference_id	RHSA-2026:19109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19109

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:20889
reference_id	RHSA-2026:20889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20889

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://access.redhat.com/errata/RHSA-2026:21338
reference_id	RHSA-2026:21338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21338

reference_url	https://access.redhat.com/errata/RHSA-2026:21772
reference_id	RHSA-2026:21772
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21772

reference_url	https://access.redhat.com/errata/RHSA-2026:22465
reference_id	RHSA-2026:22465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22465

reference_url	https://access.redhat.com/errata/RHSA-2026:22619
reference_id	RHSA-2026:22619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22619

reference_url	https://access.redhat.com/errata/RHSA-2026:22629
reference_id	RHSA-2026:22629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22629

reference_url	https://access.redhat.com/errata/RHSA-2026:22840
reference_id	RHSA-2026:22840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22840

reference_url	https://access.redhat.com/errata/RHSA-2026:23361
reference_id	RHSA-2026:23361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23361

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42041, GHSA-w9j2-pvgh-6h63

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdas-dhtb-nuge

url VCID-xg1x-4spz-jucn

vulnerability_id VCID-xg1x-4spz-jucn

summary axios: Axios: XSRF token bypass leading to information disclosure

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42042

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.20406
published_at	2026-06-06T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20417
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:35:32Z/

url

https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42042

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42042

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461637
reference_id	2461637
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461637

reference_url	https://github.com/advisories/GHSA-xx6v-rp6x-q39c
reference_id	GHSA-xx6v-rp6x-q39c
reference_type
scores
url	https://github.com/advisories/GHSA-xx6v-rp6x-q39c

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42042, GHSA-xx6v-rp6x-q39c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg1x-4spz-jucn

url VCID-yu5y-e4bk-zyfp

vulnerability_id VCID-yu5y-e4bk-zyfp

summary axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42034

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26583
published_at	2026-06-06T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26593
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42034

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:12:43Z/

url

https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42034

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42034

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461623
reference_id	2461623
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461623

reference_url	https://github.com/advisories/GHSA-5c9x-8gcm-mpgx
reference_id	GHSA-5c9x-8gcm-mpgx
reference_type
scores
url	https://github.com/advisories/GHSA-5c9x-8gcm-mpgx

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42034, GHSA-5c9x-8gcm-mpgx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu5y-e4bk-zyfp

url VCID-z5pf-pqcd-ckas

vulnerability_id VCID-z5pf-pqcd-ckas

summary axios: Axios: NO_PROXY bypass via crafted URL

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42043

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07966
published_at	2026-06-06T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07951
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/axios/axios

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/axios/axios

reference_url

https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:47:20Z/

url

https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42043

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42043

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878
reference_id	1134878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461626
reference_id	2461626
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461626

reference_url	https://github.com/advisories/GHSA-pmwg-cvhr-8vh7
reference_id	GHSA-pmwg-cvhr-8vh7
reference_type
scores
url	https://github.com/advisories/GHSA-pmwg-cvhr-8vh7

reference_url	https://access.redhat.com/errata/RHSA-2026:14937
reference_id	RHSA-2026:14937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14937

reference_url	https://access.redhat.com/errata/RHSA-2026:16476
reference_id	RHSA-2026:16476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16476

reference_url	https://access.redhat.com/errata/RHSA-2026:16532
reference_id	RHSA-2026:16532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16532

reference_url	https://access.redhat.com/errata/RHSA-2026:16534
reference_id	RHSA-2026:16534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16534

reference_url	https://access.redhat.com/errata/RHSA-2026:16535
reference_id	RHSA-2026:16535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16535

reference_url	https://access.redhat.com/errata/RHSA-2026:16542
reference_id	RHSA-2026:16542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16542

reference_url	https://access.redhat.com/errata/RHSA-2026:16874
reference_id	RHSA-2026:16874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16874

reference_url	https://access.redhat.com/errata/RHSA-2026:17468
reference_id	RHSA-2026:17468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17468

reference_url	https://access.redhat.com/errata/RHSA-2026:17474
reference_id	RHSA-2026:17474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17474

reference_url	https://access.redhat.com/errata/RHSA-2026:17657
reference_id	RHSA-2026:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17657

reference_url	https://access.redhat.com/errata/RHSA-2026:17699
reference_id	RHSA-2026:17699
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17699

reference_url	https://access.redhat.com/errata/RHSA-2026:19109
reference_id	RHSA-2026:19109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19109

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:20889
reference_id	RHSA-2026:20889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20889

reference_url	https://access.redhat.com/errata/RHSA-2026:20938
reference_id	RHSA-2026:20938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20938

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://access.redhat.com/errata/RHSA-2026:21338
reference_id	RHSA-2026:21338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21338

reference_url	https://access.redhat.com/errata/RHSA-2026:21772
reference_id	RHSA-2026:21772
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21772

reference_url	https://access.redhat.com/errata/RHSA-2026:22465
reference_id	RHSA-2026:22465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22465

reference_url	https://access.redhat.com/errata/RHSA-2026:22619
reference_id	RHSA-2026:22619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22619

reference_url	https://access.redhat.com/errata/RHSA-2026:22629
reference_id	RHSA-2026:22629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22629

reference_url	https://access.redhat.com/errata/RHSA-2026:22840
reference_id	RHSA-2026:22840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:22840

reference_url	https://access.redhat.com/errata/RHSA-2026:23361
reference_id	RHSA-2026:23361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23361

fixed_packages

url pkg:npm/axios@0.31.1

purl pkg:npm/axios@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a1pu-e3yu-duhv

vulnerability	VCID-etz1-9ead-s3aj

vulnerability	VCID-s7er-h5fa-euep

vulnerability	VCID-udyu-q8pp-akb7

vulnerability	VCID-wvss-z8cx-6khr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1

url pkg:npm/axios@1.15.1

purl pkg:npm/axios@1.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8a5f-cd5t-mucc

vulnerability	VCID-rusx-pwdw-zqcj

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1

aliases CVE-2026-42043, GHSA-pmwg-cvhr-8vh7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5pf-pqcd-ckas

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.25.0

Package Instance