{"url":"http://public2.vulnerablecode.io/api/packages/508221?format=json","purl":"pkg:npm/axios@0.25.0","type":"npm","namespace":"","name":"axios","version":"0.25.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.32.0","latest_non_vulnerable_version":"1.16.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50064?format=json","vulnerability_id":"VCID-37kj-pzyt-8be6","summary":"Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig\nThe `mergeConfig` function in axios crashes with a TypeError when processing configuration objects containing `__proto__` as an own property. An attacker can trigger this by providing a malicious configuration object created via `JSON.parse()`, causing complete denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25639","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13954","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1395","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25639"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25639"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"},{"reference_url":"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"},{"reference_url":"https://github.com/axios/axios/pull/7369","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/pull/7369"},{"reference_url":"https://github.com/axios/axios/pull/7388","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/pull/7388"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.30.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.30.3"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.13.5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.13.5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907","reference_id":"1127907","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127907"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438237","reference_id":"2438237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438237"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25639","reference_id":"CVE-2026-25639","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25639"},{"reference_url":"https://github.com/advisories/GHSA-43fc-jf86-j433","reference_id":"GHSA-43fc-jf86-j433","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43fc-jf86-j433"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433","reference_id":"GHSA-43fc-jf86-j433","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:46Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11414","reference_id":"RHSA-2026:11414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3087","reference_id":"RHSA-2026:3087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3105","reference_id":"RHSA-2026:3105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3106","reference_id":"RHSA-2026:3106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3107","reference_id":"RHSA-2026:3107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3109","reference_id":"RHSA-2026:3109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5142","reference_id":"RHSA-2026:5142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5174","reference_id":"RHSA-2026:5174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5633","reference_id":"RHSA-2026:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5636","reference_id":"RHSA-2026:5636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6170","reference_id":"RHSA-2026:6170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6174","reference_id":"RHSA-2026:6174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6192","reference_id":"RHSA-2026:6192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6277","reference_id":"RHSA-2026:6277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6308","reference_id":"RHSA-2026:6308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6309","reference_id":"RHSA-2026:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6404","reference_id":"RHSA-2026:6404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6428","reference_id":"RHSA-2026:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6802","reference_id":"RHSA-2026:6802","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7249","reference_id":"RHSA-2026:7249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8218","reference_id":"RHSA-2026:8218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8229","reference_id":"RHSA-2026:8229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8499","reference_id":"RHSA-2026:8499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8500","reference_id":"RHSA-2026:8500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8501","reference_id":"RHSA-2026:8501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9848","reference_id":"RHSA-2026:9848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9848"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73934?format=json","purl":"pkg:npm/axios@0.30.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-kwj2-mk8c-4fef"},{"vulnerability":"VCID-td7u-cct6-bud6"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.3"},{"url":"http://public2.vulnerablecode.io/api/packages/508230?format=json","purl":"pkg:npm/axios@1.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/73935?format=json","purl":"pkg:npm/axios@1.13.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-hadc-5d2f-gqe6"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-kwj2-mk8c-4fef"},{"vulnerability":"VCID-rusx-pwdw-zqcj"},{"vulnerability":"VCID-td7u-cct6-bud6"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.13.5"}],"aliases":["CVE-2026-25639","GHSA-43fc-jf86-j433"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37kj-pzyt-8be6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61879?format=json","vulnerability_id":"VCID-4b7a-22xk-gbh9","summary":"axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42039.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42039","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09393","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09373","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42039"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:14:11Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42039","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461630","reference_id":"2461630","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461630"},{"reference_url":"https://github.com/advisories/GHSA-62hf-57xw-28j9","reference_id":"GHSA-62hf-57xw-28j9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-62hf-57xw-28j9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42039","GHSA-62hf-57xw-28j9"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4b7a-22xk-gbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92051?format=json","vulnerability_id":"VCID-5kg1-k416-dfc1","summary":"Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams\n# Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams\n\n## Summary\n\nThe `encode()` function in `lib/helpers/AxiosURLSearchParams.js` contains a character mapping (`charMap`) at line 21 that **reverses** the safe percent-encoding of null bytes. After `encodeURIComponent('\\x00')` correctly produces the safe sequence `%00`, the charMap entry `'%00': '\\x00'` converts it back to a raw null byte.\n\nThis is a clear encoding defect: every other charMap entry encodes in the safe direction (literal → percent-encoded), while this single entry decodes in the opposite (dangerous) direction.\n\n**Severity:** Low (CVSS 3.7)\n**Affected Versions:** All versions containing this charMap entry\n**Vulnerable Component:** `lib/helpers/AxiosURLSearchParams.js:21`\n\n## CWE\n\n- **CWE-626:** Null Byte Interaction Error (Poison Null Byte)\n- **CWE-116:** Improper Encoding or Escaping of Output\n\n## CVSS 3.1\n\n**Score: 3.7 (Low)**\n\nVector: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N`\n\n| Metric | Value | Justification |\n|---|---|---|\n| Attack Vector | Network | Attacker controls input parameters remotely |\n| Attack Complexity | High | Standard axios request flow (`buildURL`) uses its own `encode` function which does NOT have this bug. Only triggered via direct `AxiosURLSearchParams.toString()` without an encoder, or via custom `paramsSerializer` delegation |\n| Privileges Required | None | No authentication needed |\n| User Interaction | None | No user interaction required |\n| Scope | Unchanged | Impact limited to HTTP request URL |\n| Confidentiality | None | No confidentiality impact |\n| Integrity | Low | Null byte in URL can cause truncation in C-based backends, but requires a vulnerable downstream parser |\n| Availability | None | No availability impact |\n\n## Vulnerable Code\n\n**File:** `lib/helpers/AxiosURLSearchParams.js`, lines 13-26\n\n```javascript\nfunction encode(str) {\n  const charMap = {\n    '!': '%21',     // literal → encoded (SAFE direction)\n    \"'\": '%27',     // literal → encoded (SAFE direction)\n    '(': '%28',     // literal → encoded (SAFE direction)\n    ')': '%29',     // literal → encoded (SAFE direction)\n    '~': '%7E',     // literal → encoded (SAFE direction)\n    '%20': '+',     // standard transformation (SAFE)\n    '%00': '\\x00',  // LINE 21: encoded → raw null byte (UNSAFE direction!)\n  };\n  return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) {\n    return charMap[match];\n  });\n}\n```\n\n### Why the Standard Flow Is NOT Affected\n\n```javascript\n// buildURL.js:36 — uses its OWN encode function (lines 14-20), not AxiosURLSearchParams's\nconst _encode = (options && options.encode) || encode;  // buildURL's encode\n\n// buildURL.js:53 — passes buildURL's encode to AxiosURLSearchParams\nnew AxiosURLSearchParams(params, _options).toString(_encode);  // external encoder used\n\n// AxiosURLSearchParams.js:48 — when encoder is provided, internal encode is NOT used\nconst _encode = encoder ? function(value) { return encoder.call(this, value, encode); } : encode;\n//                                                                              ^^^^^^\n//                                           internal encode passed as 2nd arg but only used if\n//                                           the external encoder explicitly delegates to it\n```\n\n## Proof of Concept\n\n```javascript\nimport AxiosURLSearchParams from './lib/helpers/AxiosURLSearchParams.js';\nimport buildURL from './lib/helpers/buildURL.js';\n\n// Test 1: Direct AxiosURLSearchParams (VULNERABLE path)\nconst params = new AxiosURLSearchParams({ file: 'test\\x00.txt' });\nconst result = params.toString();  // NO encoder → uses internal encode with charMap\nconsole.log('Direct toString():', JSON.stringify(result));\n// Output: \"file=test\\u0000.txt\" (contains raw null byte)\nconsole.log('Hex:', Buffer.from(result).toString('hex'));\n// Output: 66696c653d74657374002e747874  (00 = null byte)\n\n// Test 2: Via buildURL (NOT vulnerable — standard axios flow)\nconst url = buildURL('http://example.com/api', { file: 'test\\x00.txt' });\nconsole.log('Via buildURL:', url);\n// Output: http://example.com/api?file=test%00.txt  (%00 preserved safely)\n```\n\n## Verified PoC Output\n\n```\nDirect toString(): \"file=test\\u0000.txt\"\nContains raw null byte: true\nHex: 66696c653d74657374002e747874\n\nVia buildURL: http://example.com/api?file=test%00.txt\nContains raw null byte: false\nContains safe %00: true\n```\n\n## Impact Analysis\n\n**Primary impact is limited** because the standard axios request flow is not affected. However:\n\n- **Direct API users:** Applications using `AxiosURLSearchParams` directly for custom serialization are affected\n- **Custom paramsSerializer:** A `paramsSerializer.encode` that delegates to the internal encoder triggers the bug\n- **Code defect signal:** The directional inconsistency in charMap is a clear coding error with no legitimate use case\n\nIf null bytes reach a downstream C-based parser, impacts include URL truncation, WAF bypass, and log injection.\n\n## Recommended Fix\n\nRemove the `%00` entry from charMap and update the regex:\n\n```javascript\nfunction encode(str) {\n  const charMap = {\n    '!': '%21',\n    \"'\": '%27',\n    '(': '%28',\n    ')': '%29',\n    '~': '%7E',\n    '%20': '+',\n    // REMOVED: '%00': '\\x00'\n  };\n  return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) {\n    //                                           ^^^^ removed |%00\n    return charMap[match];\n  });\n}\n```\n\n## Resources\n\n- [CWE-626: Null Byte Interaction Error](https://cwe.mitre.org/data/definitions/626.html)\n- [CWE-116: Improper Encoding or Escaping of Output](https://cwe.mitre.org/data/definitions/116.html)\n- [OWASP: Embedding Null Code](https://owasp.org/www-community/attacks/Embedding_Null_Code)\n- [Axios GitHub Repository](https://github.com/axios/axios)\n\n## Timeline\n\n| Date | Event |\n|---|---|\n| 2026-04-15 | Vulnerability discovered during source code audit |\n| 2026-04-16 | Report revised: documented standard-flow limitation, corrected CVSS |\n| TBD | Report submitted to vendor via GitHub Security Advisory |","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42040","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24281","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24299","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42040"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:48:02Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42040","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://github.com/advisories/GHSA-xhjh-pmcv-23jw","reference_id":"GHSA-xhjh-pmcv-23jw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhjh-pmcv-23jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42040","GHSA-xhjh-pmcv-23jw"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kg1-k416-dfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61896?format=json","vulnerability_id":"VCID-6ru1-uamj-5ud3","summary":"axios: Axios: HTTP Transport Hijacking via Prototype Pollution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42033","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18711","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42033"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:28:14Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42033","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461607","reference_id":"2461607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461607"},{"reference_url":"https://github.com/advisories/GHSA-pf86-5x62-jrwf","reference_id":"GHSA-pf86-5x62-jrwf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf86-5x62-jrwf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42033","GHSA-pf86-5x62-jrwf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ru1-uamj-5ud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46353?format=json","vulnerability_id":"VCID-aqa5-vr2y-33cw","summary":"Axios Cross-Site Request Forgery Vulnerability\nAn issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45857","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39266","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3926","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45857"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967"},{"reference_url":"https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0"},{"reference_url":"https://github.com/axios/axios/issues/6006","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/"}],"url":"https://github.com/axios/axios/issues/6006"},{"reference_url":"https://github.com/axios/axios/issues/6022","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/issues/6022"},{"reference_url":"https://github.com/axios/axios/pull/6028","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/6028"},{"reference_url":"https://github.com/axios/axios/pull/6091","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/6091"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.28.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/releases/tag/v0.28.0"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/releases/tag/v1.6.0"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099","reference_id":"1056099","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248979","reference_id":"2248979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248979"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45857","reference_id":"CVE-2023-45857","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45857"},{"reference_url":"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx","reference_id":"GHSA-wf5p-g6vw-rhxx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006/","reference_id":"ntap-20240621-0006","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-04T15:13:57Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1925","reference_id":"RHSA-2024:1925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3314","reference_id":"RHSA-2024:3314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3316","reference_id":"RHSA-2024:3316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3473","reference_id":"RHSA-2024:3473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3920","reference_id":"RHSA-2024:3920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4269","reference_id":"RHSA-2024:4269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4455","reference_id":"RHSA-2024:4455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5314","reference_id":"RHSA-2024:5314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2876","reference_id":"RHSA-2025:2876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67652?format=json","purl":"pkg:npm/axios@0.28.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37kj-pzyt-8be6"},{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-axy8-kmka-pugw"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-kwj2-mk8c-4fef"},{"vulnerability":"VCID-td7u-cct6-bud6"},{"vulnerability":"VCID-vq2d-yv43-57b6"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.28.0"},{"url":"http://public2.vulnerablecode.io/api/packages/508230?format=json","purl":"pkg:npm/axios@1.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67651?format=json","purl":"pkg:npm/axios@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37kj-pzyt-8be6"},{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-axy8-kmka-pugw"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-h5yg-64cq-ekaa"},{"vulnerability":"VCID-hadc-5d2f-gqe6"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-kwj2-mk8c-4fef"},{"vulnerability":"VCID-rusx-pwdw-zqcj"},{"vulnerability":"VCID-td7u-cct6-bud6"},{"vulnerability":"VCID-vq2d-yv43-57b6"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.6.0"}],"aliases":["CVE-2023-45857","GHSA-wf5p-g6vw-rhxx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqa5-vr2y-33cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61886?format=json","vulnerability_id":"VCID-gp41-4j8d-37ce","summary":"axios: Axios: Information disclosure due to `no_proxy` bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42038","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24185","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42038"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:46:29Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42038","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42038"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461634","reference_id":"2461634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461634"},{"reference_url":"https://github.com/advisories/GHSA-m7pr-hjqh-92cm","reference_id":"GHSA-m7pr-hjqh-92cm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m7pr-hjqh-92cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42038","GHSA-m7pr-hjqh-92cm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gp41-4j8d-37ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61882?format=json","vulnerability_id":"VCID-jvs6-8bva-nqb3","summary":"axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42036.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42036","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09373","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09393","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42036"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:30:17Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42036","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42036"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461633","reference_id":"2461633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461633"},{"reference_url":"https://github.com/advisories/GHSA-vf2m-468p-8v99","reference_id":"GHSA-vf2m-468p-8v99","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vf2m-468p-8v99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42036","GHSA-vf2m-468p-8v99"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvs6-8bva-nqb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62892?format=json","vulnerability_id":"VCID-kwj2-mk8c-4fef","summary":"axios: Axios: Remote Code Execution via Prototype Pollution escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40175","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19878","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19885","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40175"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-876049.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-876049.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40175"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"},{"reference_url":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"},{"reference_url":"https://github.com/axios/axios/pull/10660","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/pull/10660"},{"reference_url":"https://github.com/axios/axios/pull/10660#issuecomment-4224168081","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/10660#issuecomment-4224168081"},{"reference_url":"https://github.com/axios/axios/pull/10688","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/pull/10688"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.31.0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.31.0"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.15.0"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T20:43:26Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40175","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457432","reference_id":"2457432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10104","reference_id":"RHSA-2026:10104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10153","reference_id":"RHSA-2026:10153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10172","reference_id":"RHSA-2026:10172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11414","reference_id":"RHSA-2026:11414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14774","reference_id":"RHSA-2026:14774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15091","reference_id":"RHSA-2026:15091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20041","reference_id":"RHSA-2026:20041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8499","reference_id":"RHSA-2026:8499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8500","reference_id":"RHSA-2026:8500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8501","reference_id":"RHSA-2026:8501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110700?format=json","purl":"pkg:npm/axios@0.31.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.0"},{"url":"http://public2.vulnerablecode.io/api/packages/508230?format=json","purl":"pkg:npm/axios@1.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/110698?format=json","purl":"pkg:npm/axios@1.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-hadc-5d2f-gqe6"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-rusx-pwdw-zqcj"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0"}],"aliases":["CVE-2026-40175","GHSA-fvcv-3m26-pcqx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwj2-mk8c-4fef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62955?format=json","vulnerability_id":"VCID-td7u-cct6-bud6","summary":"axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62718","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21334","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21348","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"},{"reference_url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"},{"reference_url":"https://github.com/axios/axios/pull/10661","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/pull/10661"},{"reference_url":"https://github.com/axios/axios/pull/10688","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/pull/10688"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.31.0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.31.0"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.15.0"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913","reference_id":"2456913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913"},{"reference_url":"https://github.com/advisories/GHSA-3p68-rc4w-qgx5","reference_id":"GHSA-3p68-rc4w-qgx5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p68-rc4w-qgx5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110700?format=json","purl":"pkg:npm/axios@0.31.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.0"},{"url":"http://public2.vulnerablecode.io/api/packages/508230?format=json","purl":"pkg:npm/axios@1.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/110698?format=json","purl":"pkg:npm/axios@1.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-hadc-5d2f-gqe6"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-rusx-pwdw-zqcj"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.0"}],"aliases":["CVE-2025-62718","GHSA-3p68-rc4w-qgx5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td7u-cct6-bud6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56764?format=json","vulnerability_id":"VCID-vq2d-yv43-57b6","summary":"axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL\nA previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463\n\nA similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27152","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43838","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43829","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27152"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde"},{"reference_url":"https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f"},{"reference_url":"https://github.com/axios/axios/issues/6463","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/"}],"url":"https://github.com/axios/axios/issues/6463"},{"reference_url":"https://github.com/axios/axios/pull/6829","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/pull/6829"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.8.2","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios/releases/tag/v1.8.2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223","reference_id":"1102223","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102223"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2350618","reference_id":"2350618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2350618"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27152","reference_id":"CVE-2025-27152","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27152"},{"reference_url":"https://github.com/advisories/GHSA-jr5f-v2jv-69x6","reference_id":"GHSA-jr5f-v2jv-69x6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jr5f-v2jv-69x6"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6","reference_id":"GHSA-jr5f-v2jv-69x6","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T19:32:00Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84271?format=json","purl":"pkg:npm/axios@0.30.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37kj-pzyt-8be6"},{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-axy8-kmka-pugw"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-kwj2-mk8c-4fef"},{"vulnerability":"VCID-td7u-cct6-bud6"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.30.0"},{"url":"http://public2.vulnerablecode.io/api/packages/508230?format=json","purl":"pkg:npm/axios@1.0.0-alpha.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/84270?format=json","purl":"pkg:npm/axios@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37kj-pzyt-8be6"},{"vulnerability":"VCID-4b7a-22xk-gbh9"},{"vulnerability":"VCID-5kg1-k416-dfc1"},{"vulnerability":"VCID-6ru1-uamj-5ud3"},{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-axy8-kmka-pugw"},{"vulnerability":"VCID-gp41-4j8d-37ce"},{"vulnerability":"VCID-hadc-5d2f-gqe6"},{"vulnerability":"VCID-jvs6-8bva-nqb3"},{"vulnerability":"VCID-kwj2-mk8c-4fef"},{"vulnerability":"VCID-rusx-pwdw-zqcj"},{"vulnerability":"VCID-td7u-cct6-bud6"},{"vulnerability":"VCID-vzqt-dj1z-bqa6"},{"vulnerability":"VCID-xdas-dhtb-nuge"},{"vulnerability":"VCID-xg1x-4spz-jucn"},{"vulnerability":"VCID-yu5y-e4bk-zyfp"},{"vulnerability":"VCID-z5pf-pqcd-ckas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.8.2"}],"aliases":["CVE-2025-27152","GHSA-jr5f-v2jv-69x6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2d-yv43-57b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61894?format=json","vulnerability_id":"VCID-vzqt-dj1z-bqa6","summary":"axios: Axios: Arbitrary HTTP header injection via prototype pollution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42035","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15195","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15185","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42035"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-24T18:07:43Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42035","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42035"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461606","reference_id":"2461606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461606"},{"reference_url":"https://github.com/advisories/GHSA-6chq-wfr3-2hj9","reference_id":"GHSA-6chq-wfr3-2hj9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6chq-wfr3-2hj9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42035","GHSA-6chq-wfr3-2hj9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzqt-dj1z-bqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61888?format=json","vulnerability_id":"VCID-xdas-dhtb-nuge","summary":"axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42041","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42235","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42224","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:29:47Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42041","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42041"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461629","reference_id":"2461629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461629"},{"reference_url":"https://github.com/advisories/GHSA-w9j2-pvgh-6h63","reference_id":"GHSA-w9j2-pvgh-6h63","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9j2-pvgh-6h63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42041","GHSA-w9j2-pvgh-6h63"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdas-dhtb-nuge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61877?format=json","vulnerability_id":"VCID-xg1x-4spz-jucn","summary":"axios: Axios: XSRF token bypass leading to information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42042.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42042","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20417","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20406","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42042"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:35:32Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42042","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42042"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461637","reference_id":"2461637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461637"},{"reference_url":"https://github.com/advisories/GHSA-xx6v-rp6x-q39c","reference_id":"GHSA-xx6v-rp6x-q39c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx6v-rp6x-q39c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42042","GHSA-xx6v-rp6x-q39c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg1x-4spz-jucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61883?format=json","vulnerability_id":"VCID-yu5y-e4bk-zyfp","summary":"axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42034","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26593","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26583","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42034"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:12:43Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42034","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461623","reference_id":"2461623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461623"},{"reference_url":"https://github.com/advisories/GHSA-5c9x-8gcm-mpgx","reference_id":"GHSA-5c9x-8gcm-mpgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c9x-8gcm-mpgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42034","GHSA-5c9x-8gcm-mpgx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu5y-e4bk-zyfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61890?format=json","vulnerability_id":"VCID-z5pf-pqcd-ckas","summary":"axios: Axios: NO_PROXY bypass via crafted URL","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42043.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42043","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07966","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07951","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42043"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-27T13:47:20Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42043","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42043"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878","reference_id":"1134878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461626","reference_id":"2461626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461626"},{"reference_url":"https://github.com/advisories/GHSA-pmwg-cvhr-8vh7","reference_id":"GHSA-pmwg-cvhr-8vh7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pmwg-cvhr-8vh7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16476","reference_id":"RHSA-2026:16476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16532","reference_id":"RHSA-2026:16532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16534","reference_id":"RHSA-2026:16534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16535","reference_id":"RHSA-2026:16535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16542","reference_id":"RHSA-2026:16542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17468","reference_id":"RHSA-2026:17468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17474","reference_id":"RHSA-2026:17474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19109","reference_id":"RHSA-2026:19109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114572?format=json","purl":"pkg:npm/axios@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1pu-e3yu-duhv"},{"vulnerability":"VCID-etz1-9ead-s3aj"},{"vulnerability":"VCID-s7er-h5fa-euep"},{"vulnerability":"VCID-udyu-q8pp-akb7"},{"vulnerability":"VCID-wvss-z8cx-6khr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/114571?format=json","purl":"pkg:npm/axios@1.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8a5f-cd5t-mucc"},{"vulnerability":"VCID-rusx-pwdw-zqcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@1.15.1"}],"aliases":["CVE-2026-42043","GHSA-pmwg-cvhr-8vh7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5pf-pqcd-ckas"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/axios@0.25.0"}