
4641 matches found

OSSF Malicious Packages
added 2026/03/31 3:15 a.m. | 25 views

Malicious code in axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...

AI score: 5.9 | Exploits: 0 | References: 3
Snyk
added 2026/03/31 3:15 a.m. | 11 views

Embedded Malicious Code

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan (RAT); the affected content has since been removed from the official package manager. A malicious actor...

CVSS: 9.8 | AI score: 6 | Exploits: 0 | References: 2
vulnersOsv
added 2026/03/31 3:15 a.m. | 5 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6115 more potentially affected by unknown CVE via axios (>=1.0.0-alpha.1 <=1.14.0)

Affected versions as aggregated by the source: axios NPM version =1.0.0-alpha.1, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0; @1tokenfe/hd-ble-sdk =1.1.15; @1tokenfe/hd-common-connect-sdk =1.1.15; and more. Source CVEs: unknown CVE. Source advisory:...

AI score: 5.7 | Exploits: 0
OSV
added 2026/03/31 3:15 a.m. | 4 views

MAL-2026-2307 Malicious code in axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...

AI score: 5.9 | Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/31 12:00 a.m. | 11 views

Node.js Module axios 0.30.4 / 1.14.1 Supply Chain Vulnerability

The version of the axios Node.js module installed on the remote host is 0.30.4 or 1.14.1. It is, therefore, affected by a supply chain compromise: an attack targeting the widely used HTTP client Axios introduced a malicious dependency into specific npm releases, including...

AI score: 6.1 | Exploits: 0 | References: 1
Trend Micro Simply Security
added 2026/03/31 12:00 a.m. | 6 views

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. That dependency ran a cross-platform RAT during installation and then replaced its own files with clean decoys, making detection challenging...

AI score: 5.8 | Exploits: 0
IBM Security Bulletins
added 2026/03/30 7:04 a.m. | 6 views

Security Bulletin: IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.

Summary IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01564 | Exploits: 1 | Affected software: 1
RedhatCVE
added 2026/03/26 3:04 p.m. | 7 views

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

CVSS: 7.7 | AI score: 5.9 | EPSS: 0.00212 | Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/03/24 9:49 p.m. | 16 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.1.2 Vulnerability Details CVEID:CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no...

CVSS: 8.7 | AI score: 7 | EPSS: 0.02164 | Exploits: 7 | Affected software: 1
IBM Security Bulletins
added 2026/03/20 4:38 p.m. | 11 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2025-62727, CVE-2025-58754)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01099 | Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/03/20 3:44 p.m. | 7 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-25639)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01564 | Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/03/19 1:34 p.m. | 7 views

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary Axios is used by the IBM Datapower Operations Dashboard as its HTTP client for Node.js and the browser. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01099 | Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/03/13 3:46 p.m. | 5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to denial of service due to Node.js module axios (CVE-2026-25639)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to denial of service due to Node.js module axios. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01564 | Exploits: 1 | Affected software: 1
PyPA
added 2026/03/12 5:16 p.m. | 11 views

PYSEC-2026-118

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

CVSS: 7.7 | AI score: 5.9 | EPSS: 0.00212 | Exploits: 0 | References: 1 | Affected software: 1
OSV
added 2026/03/12 5:16 p.m. | 10 views

PYSEC-2026-118

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

CVSS: 7.7 | AI score: 5.9 | EPSS: 0.00212 | Exploits: 0 | References: 1
Positive Technologies
added 2026/03/12 12:00 a.m. | 6 views

PT-2026-25009

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.8.16 Description OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. The platform’s data ingestion feature accepts user-supplied URLs without validation and utilizes...

CVSS: 7.7 | AI score: 6 | EPSS: 0.00212 | Exploits: 0 | References: 8
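Added example, not OpenCTI's or axios's own code, covering the OpenCTI entries above (CVE-2026-21887 / PYSEC-2026-118 / PT-2026-25009). The first part re-implements, from my reading of the axios source, how the client resolves a request `url` against `baseURL` and what the `allowAbsoluteUrls` option changes (I assume the option exists from axios 1.8 onward): with the default `true`, an absolute user-supplied URL silently replaces the configured base, which is the ingestion SSRF the advisories describe. The second part is the allow-list check an ingestion endpoint should run before the HTTP client is involved at all. Host names and addresses are constructed.

```javascript
// Re-implementation of axios's URL resolution (isAbsoluteURL / combineURLs /
// buildFullPath) to show the allowAbsoluteUrls behaviour, plus an allow-list
// validator for user-supplied ingestion URLs. Added example; hosts are constructed.

// Same pattern axios uses: optional scheme followed by "//", so protocol-relative
// URLs ("//evil.example/x") count as absolute too.
const ABSOLUTE_URL_RE = /^([a-z][a-z\d+\-.]*:)?\/\//i;

function isAbsoluteURL(url) {
  return ABSOLUTE_URL_RE.test(url);
}

// Join base and relative path with exactly one slash between them.
function combineURLs(baseURL, relativeURL) {
  return relativeURL
    ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '')
    : baseURL;
}

// Mirrors axios's buildFullPath(baseURL, requestedURL, allowAbsoluteUrls):
// an absolute requestedURL wins over baseURL unless allowAbsoluteUrls is false.
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls = true) {
  const isRelative = !isAbsoluteURL(requestedURL);
  if (baseURL && (isRelative || allowAbsoluteUrls === false)) {
    return combineURLs(baseURL, requestedURL);
  }
  return requestedURL;
}

// Allow-list validation for a user-supplied fetch target. Rejects anything that
// is not http(s), anything carrying credentials, and any host not explicitly
// permitted, so loopback, link-local (cloud metadata) and RFC 1918 targets never
// reach the client. Returns { ok, reason } or { ok, url }.
function validateIngestUrl(input, allowedHosts) {
  let u;
  try {
    u = new URL(String(input));
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return { ok: false, reason: 'scheme' };
  if (u.username || u.password) return { ok: false, reason: 'credentials' };
  if (!allowedHosts.has(u.hostname.toLowerCase())) return { ok: false, reason: 'host' };
  return { ok: true, url: u.href };
}

// Axios request config an ingestion service should use: validated absolute URL,
// allowAbsoluteUrls off so a stray absolute "url" can never override baseURL,
// and no automatic redirects (a redirect would otherwise re-open the SSRF).
function ingestRequestConfig(validated) {
  return {
    url: validated.url,
    baseURL: undefined,
    allowAbsoluteUrls: false,
    maxRedirects: 0,
    timeout: 10000,
  };
}

// Demo (constructed): what an attacker-controlled url does under each setting.
const base = 'https://feeds.example.com/api/';
const hostile = 'http://169.254.169.254/latest/meta-data/';
console.log('default  :', buildFullPath(base, hostile));         // base is discarded
console.log('hardened :', buildFullPath(base, hostile, false));  // glued under base
console.log('validate :', validateIngestUrl(hostile, new Set(['feeds.example.com'])));
```

Two caveats a practitioner will want: `allowAbsoluteUrls: false` only helps when the service sets a `baseURL` and the attacker controls `url`; when the whole URL is user input, the allow-list check is the control, and even then a permitted host can redirect or DNS-rebind to an internal address, so keep `maxRedirects: 0` (or validate each hop) and prefer resolving and pinning the address when the threat model calls for it.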
IBM Security Bulletins
added 2026/03/02 8:30 a.m. | 12 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.29 addresses multiple vulnerabilities Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and i...

CVSS: 9.4 | AI score: 6.9 | EPSS: 0.05413 | Exploits: 6 | Affected software: 1
Atlassian
added 2026/02/24 9:29 p.m. | 17 views

DoS (Denial of Service) axios Dependency in Crowd Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 5.3.1, 6.0.0, 6.1.3, 6.2.2, 6.3.0, 7.0.0, and 7.1.0 of Crowd Data Center. The advisory body labels it "RCE Remote Code Execution", but the title and the CVSS vector it gives (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, score 7.5) record an availability-only impact, i.e. denial of service, not code execution...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01564 | Exploits: 1
RedhatCVE
added 2026/02/24 1:44 a.m. | 6 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS: 7.4 | AI score: 5.3 | EPSS: 0.00169 | Exploits: 0 | References: 1
OSV
added 2026/02/23 6:32 p.m. | 4 views

GHSA-663H-2VR3-GHRJ yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS: 7.4 | AI score: 5.5 | EPSS: 0.00169 | Exploits: 0 | References: 5