Lucene search

4641 matches found

Cvelist
added 2026/02/09 8:11 p.m. | 31 views

CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | EPSS 0.02591 | Exploits 1 | References 7

vulnersOsv
added 2026/02/09 5:46 p.m. | 6 views

1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4220 more potentially affected by CVE-2026-25639 via axios (>=1.0.0 <=1.13.4)

axios NPM version =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source advisory:...

CVSS 7.5 | AI score 7 | EPSS 0.02591 | Exploits 1

OSV
added 2026/02/09 5:46 p.m. | 1 view

GHSA-43FC-JF86-J433 Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Denial of Service via __proto__ Key in mergeConfig. Summary: The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse, causing...

CVSS 7.5 | AI score 6 | EPSS 0.02591 | Exploits 1 | References 9

CNNVD
added 2026/02/09 12:0 a.m. | 7 views

Axios Code Issue Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.13.5 had code vulnerabilities. These vulnerabilities stemmed from a crash that occurred when the mergeConfig function processed configuration objects containing the __proto__ attribute, which could lead to a...

CVSS 7.5 | AI score 7.1 | EPSS 0.02591 | Exploits 1 | References 7

Positive Technologies
added 2026/02/08 12:0 a.m. | 6 views

PT-2026-7150

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.13.5. Description: The mergeConfig function in the Axios library is susceptible to crashing when processing configuration objects that include __proto__ as an own property. An attacker can exploit this by sending a speciall...

CVSS 7.8 | AI score 7 | EPSS 0.02591 | Exploits 1 | References 33

Tenable Nessus
added 2026/02/06 12:0 a.m. | 4 views

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16480)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16480 advisory. - Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30....

CVSS 7.5 | AI score 5.9 | EPSS 0.01099 | Exploits 1 | References 2

IBM Security Bulletins
added 2026/02/04 10:24 p.m. | 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.11.0.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.11.0.tgz Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on...

CVSS 7.5 | AI score 6.6 | EPSS 0.01099 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/02/02 4:15 p.m. | 17 views

Security Bulletin: Denial of Service vulnerability in axios may affect IBM Business Automation Workflow - CVE-2025-58754

Summary IBM Business Automation Workflow packages a vulnerable version of the axios library. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs...

CVSS 7.5 | AI score 6.5 | EPSS 0.01099 | Exploits 1 | Affected Software 2

vulnersOsv
added 2026/01/30 9:17 p.m. | 7 views

@orval/angular (>=7.1.0 <=7.20.0), @orval/axios (>=7.1.0 <=7.20.0) +10 more potentially affected by CVE-2026-25141 via @orval/core (>=7.19.0 <=7.20.0)

@orval/core NPM version =7.19.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =7.19.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =0.0.0, =7.1.0, =7.1.0, =7.1.1 Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...

CVSS 9.8 | AI score 5.8 | EPSS 0.00603 | Exploits 0

vulnersOsv
added 2026/01/30 9:17 p.m. | 7 views

@bindercli/core (>=0.1.0 <=0.1.7), @localess/cli (>=3.0.1 <=3.0.5-dev.20260428203008) +20 more potentially affected by CVE-2026-25141 via @orval/core (>=8.0.0 <=8.1.0)

@orval/core NPM version =8.0.0, =0.1.0, =3.0.1, =8.0.0, =8.0.0, =8.14.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =6.11.0-alpha, =8.0.0, =8.0.0, =8.0.0, =0.5.0, =0.6.1 and more Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...

CVSS 9.8 | AI score 5.7 | EPSS 0.00603 | Exploits 0

IBM Security Bulletins
added 2026/01/27 3:7 p.m. | 11 views

Security Bulletin: A vulnerability in the Axios library affects Db2 Big SQL

Summary A vulnerability in the Axios library affects Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

CVSS 9.8 | AI score 5.9 | EPSS 0.00356 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/01/23 12:13 p.m. | 6 views

Security Bulletin: Vulnerability in Axios affects IBM Db2 Big SQL on Cloud Pak for Data

Summary Vulnerability in Axios 1.11 and earlier affects IBM Db2 Big SQL 8.2 on Cloud Pak for Data 5.2 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and...

CVSS 7.5 | AI score 5.8 | EPSS 0.01099 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/01/23 11:59 a.m. | 6 views

Security Bulletin: A vulnerability in Axios affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in Axios 1.7.9 and earlier affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...

CVSS 8.7 | AI score 5.7 | EPSS 0.00759 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/01/22 4:56 a.m. | 7 views

Security Bulletin: Vulnerabilities in Axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a...

CVSS 7.5 | AI score 6.3 | EPSS 0.01099 | Exploits 1 | Affected Software 1

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Oracle GoldenGate (January 2026 CPU)

The detected versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative...

CVSS 8.7 | AI score 6.7 | EPSS 0.01099 | Exploits 2 | References 4

vulnersOsv
added 2026/01/20 1:46 a.m. | 5 views

@beshkenadze/orval-mcp (=7.11.2-fix.2), @orval/angular (>=7.10.0 <=7.18.0) +11 more potentially affected by CVE-2026-23947 via @orval/core (>=7.10.0 <=7.18.0)

@orval/core NPM version =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =1.0.1, =7.10.0, =7.10.0, =7.13.2 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...

CVSS 9.8 | AI score 5.8 | EPSS 0.0075 | Exploits 1

vulnersOsv
added 2026/01/20 1:46 a.m. | 5 views

@orval/angular (>=8.0.0 <=8.0.1), @orval/axios (>=8.0.0 <=8.0.1) +9 more potentially affected by CVE-2026-23947 via @orval/core (>=8.0.0-rc.0 <=8.0.1)

@orval/core NPM version =8.0.0-rc.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.1 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...

CVSS 9.8 | AI score 5.8 | EPSS 0.0075 | Exploits 1

Github Security Blog
added 2026/01/15 10:41 p.m. | 10 views

solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

AI score 7 | Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/01/15 10:41 p.m. | 6 views

GHSA-RWR8-XRPW-9QF5 solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

AI score 6.9 | Exploits 0 | References 2

OSV
added 2026/01/15 8:12 p.m. | 3 views

GHSA-58Q2-9X27-H2JM solspace/craft-freeform Has a DoS Vulnerability

Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...

CVSS 6.9 | AI score 6.6 | Exploits 0 | References 8