4641 matches found
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2026-40175 via axios (>=1.0.0 <=1.14.0)
axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2026-40175 Source advisory: SNYK:JS-AXIOS-159692...
HTTP Response Splitting
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary...
EUVD-2026-21573
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2026-40175 via axios (>=1.0.0 <=1.14.0)
axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2026-40175 Source advisory: OSV:GHSA-FVCV-3M26-P...
GHSA-FVCV-3M26-PCQX Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Summary The Axios library is vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound...
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Summary The Axios library is vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound...
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
CVE-2026-40175
CVE-2026-40175 affects the Axios HTTP client (browser/Node.js). The root cause is prototype pollution in a third‑party dependency, which could allow injection of unsanitized header values into outbound requests. This is fixed in Axios releases 1.15.0 and 0.3.1. If you use Axios prior to those ver...
Security Bulletin: Vulnerabilities in urllib3, router, qs, cryptography, axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in urllib3, router, qs, cryptography, and axios. Vulnerabilities include allowing an attacker to cause cross-site scripting, input improper data, provide a public key point from a small order subgroup, an...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Axios HTTP client library
Summary Due to use of the Axios HTTP client library, DevOps Test Performance and Rational Performance Tester contain a potentil denial of service DoS vulnerability. CVE-2026-25639 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...
Axios 代码问题漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.0 had code vulnerabilities. These vulnerabilities stemmed from a specific Gadget attack chain, which could potentially upgrade prototype pollution in any third-party dependencies into remote code execution or...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2025-62718 via axios (>=1.0.0 <=1.14.0)
axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2025-62718 Source advisory: OSV:GHSA-3P68-RC4W-Q...
CVE-2025-62718
creationtimestamp| type| source ---|---|--- 2026-04-09 16:39:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ap6fdyn2z 2026-04-09 17:32:19+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-3p68-rc4w-qgx5 2026-04-10 05:55:04+00:00| seen|...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling reques...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2025-62718 via axios (>=1.0.0 <=1.14.0)
axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2025-62718 Source advisory: SNYK:JS-AXIOS-159658...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling request URLs can acces...
DEBIAN-CVE-2025-62718
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...
CVE-2025-62718
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching and go...