ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42034 CVE-2026-42034 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42034 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44488 CVE-2026-44488 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44488 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42042 CVE-2026-42042 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42042 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2023-45857 CVE-2023-45857 in @rootio/axios - Patched by Root

Root has patched CVE-2023-45857 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-27152 CVE-2025-27152 in @rootio/axios - Patched by Root

Root has patched CVE-2025-27152 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

EUVD-2026-11599

OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...

Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

MAL-2026-5936 Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with...

Information Exposure

Axios is vulnerable to Information Exposure. The vulnerability is due to improper handling of the Proxy-Authorization header in the Node.js HTTP adapter, where proxy credentials can be forwarded to a redirected destination during certain proxy-to-direct redirect flows, allowing an...

Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...

ROOT-APP-NPM-CVE-2025-58754 CVE-2025-58754 in @rootio/axios - Patched by Root

Root has patched CVE-2025-58754 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

CVE-2026-44494

A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle MITM attack. This enables the attacker to intercept, read, and modify all...

CVE-2026-44496

A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service DoS, where the affected browser tab may...

CVE-2026-44492

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NOPROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the...

CVE-2026-44486

A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can...

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...