4641 matches found

Veracode
added 2026/04/15 11:18 a.m.

Denial Of Service (DoS)

Axios is vulnerable to Denial of Service (DoS). The vulnerability is due to a state corruption bug in the HTTP/2 session cleanup logic, which allows a malicious server to trigger concurrent session closures and crash the client process...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 5 | Affected software: 1
IBM Security Bulletins
added 2026/04/15 9:47 a.m.

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service (CVE-2026-39865)

Summary: The Node.js module axios is used by IBM App Connect Enterprise Certified Container, whose operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in the Node.js module axios, CVE-2026-3986...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | Affected software: 1
OSSF Malicious Packages
added 2026/04/15 9:40 a.m.

Malicious code in @athena-ui-components/axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec575fc86c9df0e6b2ab1a970a32ecf46d6c83971e173f481ecf7e87184260a9 The package @athena-ui-components/axios was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.7
Exploits: 0
Github Security Blog
added 2026/04/14 11:22 p.m.

Novu has SSRF via conditions filter webhook that bypasses validateUrlSsrf() protection

Summary: The conditions filter webhook at libs/application-generic/src/usecases/conditions-filter/conditions-filter.usecase.ts line 261 sends POST requests to user-configured URLs using a raw axios.post call with no SSRF validation. The HTTP Request workflow step in the same codebase correctly uses...

AI score 6
Exploits: 0 | References: 3 | Affected software: 1
GithubExploit
added 2026/04/14 5:51 a.m.

Exploit for CVE-2026-40175

audit-axios Scan local repos for vulnerable axios versions an...

CVSS 10 | AI score 5.9 | EPSS 0.01815
Exploits: 5
Github Security Blog
added 2026/04/14 1:11 a.m.

follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

Summary: When an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips the authorization, proxy-authorization and cookie headers matched by the regex at index.js:469-476. Any custom authentication header (e.g. X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded...

AI score 5.8
Exploits: 0 | References: 3 | Affected software: 1
vulnersOsv
added 2026/04/14 1:11 a.m.

org.webjars.npm:axios (=0.15.3), org.webjars.npm:github-build (=1.2.0) +1 more potentially affected by CVE-2026-40895 via org.webjars.npm:follow-redirects (=1.0.0)

org.webjars.npm:follow-redirects MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:follow-redirects and may be impacted: - org.webjars.npm:axios =0.15.3 - org.webjars.npm:github-build =1.2.0 -...

CVSS 7.5 | AI score 5.8 | EPSS 0.00486
Exploits: 0
OSV
added 2026/04/14 1:11 a.m.

GHSA-R4Q5-VMMM-2653 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

Summary: When an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips the authorization, proxy-authorization and cookie headers matched by the regex at index.js:469-476. Any custom authentication header (e.g. X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 3
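The two follow-redirects entries above (Github Security Blog and OSV, GHSA-R4Q5-VMMM-2653) describe the same gap: on a cross-domain redirect only a fixed regex denylist of header names is dropped, so a credential sent under any other name travels to the new origin. The example below is added for this page and is not follow-redirects' or axios' own code; it contrasts that denylist with an allowlist that keeps only known-harmless headers across an origin change. The URLs, the request headers and the SAFE set are constructed assumptions.

```javascript
// Added example (not follow-redirects' or axios' code): deciding which request
// headers may accompany a redirect to another origin.
// The URLs, header names and the SAFE set below are constructed for illustration.

// Narrow denylist in the style the advisory describes: only these three names
// are dropped on a cross-domain hop, so X-API-Key and similar headers leak.
const DENY = /^(?:authorization|proxy-authorization|cookie)$/i;

// Assumed allowlist: headers that carry no credential and are safe for any origin.
const SAFE = new Set(['accept', 'accept-language', 'user-agent', 'content-type']);

// "Origin" here is scheme + host (+ non-default port), so an https -> http
// redirect on the same host also counts as cross-origin and triggers stripping.
function sameOrigin(fromUrl, toUrl) {
  const a = new URL(fromUrl);
  const b = new URL(toUrl);
  return a.protocol === b.protocol && a.host === b.host;
}

// Denylist behaviour: strip only the three regex matches.
function headersForRedirectDenylist(fromUrl, toUrl, headers) {
  if (sameOrigin(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!DENY.test(name)) out[name] = value;
  }
  return out;
}

// Allowlist behaviour: on a cross-origin hop keep only known-harmless headers,
// so a credential under any custom name is dropped by default.
function headersForRedirectAllowlist(fromUrl, toUrl, headers) {
  if (sameOrigin(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (SAFE.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Constructed request: bearer token, cookie and a custom API-key header.
const REQUEST_HEADERS = {
  Authorization: 'Bearer s3cr3t',
  Cookie: 'session=abc',
  'X-API-Key': 'key-123',
  Accept: 'application/json',
};

// Simulate a 302 from the API host to an attacker-controlled host and show
// what each policy would forward.
function demo() {
  const from = 'https://api.example.com/v1/items';
  const to = 'https://evil.example.net/capture';
  return {
    denylist: headersForRedirectDenylist(from, to, REQUEST_HEADERS),
    allowlist: headersForRedirectAllowlist(from, to, REQUEST_HEADERS),
  };
}

console.log(demo());
```

With the denylist, demo() still forwards X-API-Key to evil.example.net; with the allowlist only Accept survives the hop. A client that must carry a custom credential across domains should re-add it explicitly for a trusted target rather than relying on a name-based denylist.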
HackRead
added 2026/04/13 8:11 p.m.

OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach

OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/04/13 4:22 p.m.

CVE-2026-40175

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific "Gadget" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote...

CVSS 9 | AI score 6.4 | EPSS 0.01815
Exploits: 5 | References: 7
Veracode
added 2026/04/13 11:14 a.m.

Header Injection

Axios is vulnerable to Header Injection. The vulnerability is due to the presence of a gadget chain that allows existing Prototype Pollution in dependent code to be escalated, enabling attackers to achieve remote code execution or access sensitive resources such as AWS IMDSv2 metadata...

CVSS 9 | AI score 6.4 | EPSS 0.01815
Exploits: 5 | References: 43 | Affected software: 1
The Hacker News
added 2026/04/13 6:50 a.m.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macO...

CVSS 9.4 | AI score 6.2 | EPSS 0.60368
Exploits: 2
GithubExploit
added 2026/04/12 10:12 a.m.

Exploit for CVE-2026-40175

🚨 CVE-2026-40175 - Critical Vulnerability in Axios...

CVSS 10 | AI score 5.9 | EPSS 0.01815
Exploits: 5
SUSE CVE
added 2026/04/11 9:29 a.m.

SUSE CVE-2025-62718

Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses such as "localhost." (with a trailing dot) or the IPv6 literal "::1" skip NO_PROXY matching and go...

CVSS 9.9 | AI score 5.7 | EPSS 0.01186
Exploits: 1 | References: 4
Tenable Nessus
added 2026/04/11 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-40175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Axios is a promise-based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in...

CVSS 9 | AI score 6.9 | EPSS 0.01815
Exploits: 5 | References: 3
RedhatCVE
added 2026/04/10 10:36 p.m.

CVE-2025-62718

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g. "localhost." or "::1") which bypass the NO_PROXY...

CVSS 9.9 | AI score 5.7 | EPSS 0.01186
Exploits: 1 | References: 9
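The SUSE and Red Hat entries for CVE-2025-62718 above both come down to one comparison: the hostname taken from the URL is matched against NO_PROXY entries without being normalised, so "localhost." and "[::1]" never equal the entries "localhost" and "::1" and the request is sent through the proxy. The example below is added for this page and is not axios' or proxy-from-env's code; it shows a naive matcher beside one that canonicalises both sides before matching. The NO_PROXY value, the URLs and the matching semantics (leading dot means "domain and subdomains") are constructed assumptions; port-qualified entries and CIDR ranges are not handled.

```javascript
// Added example (not axios' or proxy-from-env's code): NO_PROXY matching with
// and without hostname normalisation. NO_PROXY value and URLs are constructed.
// Entries are host patterns only; ports and CIDR ranges are out of scope here.

function parseNoProxy(value) {
  return value.split(',').map((s) => s.trim()).filter(Boolean);
}

// Assumed semantics: "*" matches everything; a leading dot means this domain
// and any subdomain; anything else must match exactly.
function matchEntry(host, entry) {
  if (entry === '*') return true;
  if (entry.startsWith('.')) return host === entry.slice(1) || host.endsWith(entry);
  return host === entry;
}

// Naive: the hostname as parsed from the URL is compared verbatim, so
// "localhost." (trailing dot) and "[::1]" (bracketed IPv6) never equal the
// entries "localhost" and "::1", and the request goes via the proxy.
function bypassProxyNaive(url, noProxy) {
  const host = new URL(url).hostname;
  return parseNoProxy(noProxy).some((e) => matchEntry(host, e));
}

// Canonical form for comparison: lowercase, no trailing dots, no IPv6 brackets.
// (WHATWG URL parsing already canonicalises IPv4 spellings such as 127.1.)
function canonicalHost(h) {
  let s = h.toLowerCase().replace(/\.+$/, '');
  if (s.startsWith('[') && s.endsWith(']')) s = s.slice(1, -1);
  return s;
}

// Normalised: both the request host and each NO_PROXY entry are canonicalised
// before matching, so the loopback spellings above bypass the proxy as intended.
function bypassProxyNormalized(url, noProxy) {
  const host = canonicalHost(new URL(url).hostname);
  return parseNoProxy(noProxy).some((raw) => matchEntry(host, canonicalHost(raw)));
}

// Constructed NO_PROXY as an operator would set it for loopback and an internal zone.
const NO_PROXY = 'localhost,127.0.0.1,::1,.internal.example';

// Compare both matchers on loopback spellings that should bypass the proxy,
// an internal host with a trailing dot, and an external host that should not.
function demo() {
  const targets = [
    'http://localhost./admin',
    'http://[::1]:8080/admin',
    'http://db.internal.example./',
    'http://evil.example.net/',
  ];
  return targets.map((url) => ({
    url,
    naive: bypassProxyNaive(url, NO_PROXY),
    normalized: bypassProxyNormalized(url, NO_PROXY),
  }));
}

console.log(demo());
```

For the first three targets the naive matcher returns false (the request would be proxied, exposing a request meant for loopback or an internal zone to the proxy), while the normalised matcher returns true; for evil.example.net both correctly return false.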
Atlassian
added 2026/04/10 10:29 p.m.

DoS (Denial of Service) axios Dependency in Confluence Data Center

This high-severity DoS (Denial of Service) vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS score of 7.5 and a CVSS vector of...

CVSS 7.5 | AI score 5.7 | EPSS 0.01564
Exploits: 1
OSV
added 2026/04/10 8:16 p.m.

DEBIAN-CVE-2026-40175

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 4.8 | AI score 6.8 | EPSS 0.01815
Exploits: 5 | References: 1
NVD
added 2026/04/10 8:16 p.m.

CVE-2026-40175

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 9 | EPSS 0.01815
Exploits: 5 | References: 43
UbuntuCve
added 2026/04/10 8:16 p.m.

CVE-2026-40175

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 4.8 | AI score 7 | EPSS 0.01815
Exploits: 5 | References: 5
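The CVE-2026-40175 entries above (Red Hat, Veracode, Tenable Nessus, and the Debian, NVD and Ubuntu records) all describe the same shape of problem: prototype pollution that already exists in some other dependency is turned into header injection because the HTTP client's header handling picks up inherited properties and does not reject control characters in values. The example below is added for this page and is not axios' code; it reproduces the class with a constructed unsafe merge, a gadget-style header builder, and a hardened builder that enumerates own keys only and validates names and values. The polluted key name, the attacker JSON and the header names are constructed assumptions; the IMDSv2 target mentioned by the Veracode entry is not modelled here.

```javascript
// Added example (not axios' code): how a prototype-pollution gadget reaches
// outbound request headers, and a header builder that closes it.
// The polluted key, the unsafe merge, the request and both builders are all
// constructed here for illustration.

// Stand-in for a vulnerable third-party dependency: a recursive merge that
// follows "__proto__" keys, so attacker-controlled JSON lands on Object.prototype.
function unsafeMerge(target, source) {
  for (const key in source) {
    const v = source[key];
    if (v && typeof v === 'object') {
      target[key] = unsafeMerge(target[key] || {}, v);
    } else {
      target[key] = v;
    }
  }
  return target;
}

// Gadget-style builder: for...in also walks inherited keys and nothing checks
// the value, so a polluted property is emitted as a header, CRLF and all.
function buildHeaderLinesGadget(headers) {
  const lines = [];
  for (const name in headers) lines.push(`${name}: ${headers[name]}`);
  return lines;
}

const FIELD_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 9110 token
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// Hardened builder: own enumerable keys only, validated names, no CR/LF/NUL in
// values. Polluted inherited keys are never seen; injected values are rejected.
function buildHeaderLinesHardened(headers) {
  const lines = [];
  for (const name of Object.keys(headers)) {
    const value = String(headers[name]);
    if (!FIELD_NAME.test(name)) throw new TypeError(`invalid header name: ${name}`);
    if (FORBIDDEN_IN_VALUE.test(value)) throw new TypeError(`invalid header value for ${name}`);
    lines.push(`${name}: ${value}`);
  }
  return lines;
}

// Constructed attacker input, as a vulnerable dependency might deep-merge it.
const ATTACKER_JSON = '{"__proto__": {"X-Injected": "1\\r\\nX-Evil: owned"}}';

// Pollute, build headers with both builders, then undo the pollution so the
// rest of the process is unaffected.
function runScenario() {
  const callerHeaders = { Accept: 'application/json' }; // what the app actually set
  try {
    unsafeMerge({}, JSON.parse(ATTACKER_JSON));           // pollution happens here
    const gadget = buildHeaderLinesGadget(callerHeaders);
    const hardened = buildHeaderLinesHardened(callerHeaders);
    let crlfRejected = false;
    try {
      buildHeaderLinesHardened({ 'X-Trace': 'a\r\nX-Evil: b' }); // direct injection attempt
    } catch (e) {
      crlfRejected = e instanceof TypeError;
    }
    return { gadget, hardened, crlfRejected };
  } finally {
    delete Object.prototype['X-Injected'];                 // clean up
  }
}

console.log(runScenario());
```

With the pollution in place the gadget builder emits a second header line the application never set, carrying a CR LF sequence that would start a new header on the wire; the hardened builder emits only Accept and refuses a caller-supplied value containing CR LF. Own-key enumeration alone closes the pollution path, and value validation closes the direct injection path; a client needs both.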