
10 matches found

EUVD
added 2026/05/05 12:21 a.m. | views: 1

EUVD-2026-25606

Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...

CVSS 6.5 | AI score 5.8 | EPSS 0.00148
Exploits: 1 | References: 2
vulnersOsv
added 2026/05/05 12:18 a.m. | views: 3

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.15.1) +8848 more potentially affected by CVE-2026-42264 via axios (>=1.0.0 <=1.15.1)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.1.0, =1.1.0, =0.1.0, =1.0.21, =0.1.4, =0.1.0, =1.0.10, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0-beta.18 and more Source cves: CVE-2026-42264 Source advisory: SNYK:JS-AXIOS-16417750...

CVSS 9.1 | AI score 5.8 | EPSS 0.00071
Exploits: 1
Tenable Nessus
added 2026/04/27 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2026-42037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js...

CVSS 5.3 | AI score 6 | EPSS 0.00085
Exploits: 1 | References: 4
ATTACKERKB
added 2026/04/24 5:49 p.m. | views: 1

CVE-2026-42044

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

CVSS 6.5 | AI score 5.3 | EPSS 0.00139
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/04/24 12:0 a.m. | views: 0

PT-2026-35043

Name of the Vulnerable Software and Affected Versions Axios versions prior to 1.15.1 Axios versions prior to 0.31.1 Description A prototype pollution gadget exists in the HTTP adapter located in 'lib/adapters/http.js'. This issue occurs due to duck-type checking of the data payload. If...

CVSS 7.4 | AI score 5.9 | EPSS 0.00035
Exploits: 1 | References: 6
CNNVD
added 2026/04/24 12:0 a.m. | views: 5

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from the XSRF token protection logic, which uses JavaScript truthy/falsy semantics instead of strict boolean comparisons. This leads ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00048
Exploits: 1 | References: 1
vulnersOsv
added 2026/04/09 4:14 p.m. | views: 2

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (=0.0.0-canary-3a59770274bcb6f3bebd5d1b93a2c92d1fc4edbd) +7941 more potentially affected by CVE-2025-62718 via axios (>=1.0.0 <=1.14.0)

axios NPM version =1.0.0, =0.0.8, =0.1.0, =1.1.0, =0.1.0, =1.0.21, =0.1.4, =0.1.0, =1.0.10, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0-beta.18 and more Source cves: CVE-2025-62718 Source advisory: SNYK:JS-AXIOS-15965856...

CVSS 9.9 | AI score 6.2 | EPSS 0.00069
Exploits: 1
Microsoft Secure
added 2026/04/01 9:0 p.m. | views: 9

Mitigating the Axios npm supply chain compromise

In this article 1. Analysis of the attack 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise 5. Hunting queries On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP...

AI score 6.6
Exploits: 0
Positive Technologies
added 2026/01/15 12:0 a.m. | views: 3

PT-2026-4737

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

AI score 5.9
Exploits: 0 | References: 3
vulnersOsv
added 2025/09/11 9:7 p.m. | views: 1

@0xjwlabs/discord-rpc (=0.1.0), @0xsquid/react-hooks (>=1.0.0 <=2.0.0) +689 more potentially affected by CVE-2025-58754 via axios (>=0.28.0 <=0.30.1)

axios NPM version =0.28.0, =1.0.0, =3.0.0-beta.0, =2.10.1, =1.0.0, =0.1.0, =13.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =16.5.4 and more Source cves: CVE-2025-58754 Source advisory: OSV:GHSA-4HJH-WCWX-XVWJ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00257
Exploits: 1