4641 matches found
CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4220 more potentially affected by CVE-2026-25639 via axios (>=1.0.0 <=1.13.4)
axios NPM version =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source advisory:...
GHSA-43FC-JF86-J433 Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
Denial of Service via proto Key in mergeConfig Summary The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse, causing...
Axios 代码问题漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.13.5 had code vulnerabilities. These vulnerabilities stemmed from a crash that occurred when the mergeConfig function processed configuration objects containing the proto attribute, which could lead to a...
PT-2026-7150
Name of the Vulnerable Software and Affected Versions Axios versions prior to 1.13.5 Description The mergeConfig function in the Axios library is susceptible to crashing when processing configuration objects that include proto as an own property. An attacker can exploit this by sending a speciall...
Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16480)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16480 advisory. - Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30....
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.11.0.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.11.0.tgz Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on...
Security Bulletin: Denial of Service vulnerability in axios may affect IBM Business Automation Workflow - CVE-2025-58754
Summary IBM Business Automation Workflow packages a vulnerable version of the axios library. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs...
@orval/angular (>=7.1.0 <=7.20.0), @orval/axios (>=7.1.0 <=7.20.0) +10 more potentially affected by CVE-2026-25141 via @orval/core (>=7.19.0 <=7.20.0)
@orval/core NPM version =7.19.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =7.19.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =0.0.0, =7.1.0, =7.1.0, =7.1.1 Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...
@bindercli/core (>=0.1.0 <=0.1.7), @localess/cli (>=3.0.1 <=3.0.5-dev.20260428203008) +20 more potentially affected by CVE-2026-25141 via @orval/core (>=8.0.0 <=8.1.0)
@orval/core NPM version =8.0.0, =0.1.0, =3.0.1, =8.0.0, =8.0.0, =8.14.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =6.11.0-alpha, =8.0.0, =8.0.0, =8.0.0, =0.5.0, =0.6.1 and more Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...
Security Bulletin: A vulnerability in the Axios library affects Db2 Big SQL
Summary A vulnerability in the Axios library affects Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...
Security Bulletin: Vulnerability in Axios affects IBM Db2 Big SQL on Cloud Pak for Data
Summary Vulnerability in Axios 1.11 and earlier affects IBM Db2 Big SQL 8.2 on Cloud Pak for Data 5.2 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and...
Security Bulletin: A vulnerability in Axios affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in Axios 1.7.9 and earlier affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...
Security Bulletin: Vulnerabilities in Axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a...
Oracle GoldenGate (January 2026 CPU)
The detected versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative...
@beshkenadze/orval-mcp (=7.11.2-fix.2), @orval/angular (>=7.10.0 <=7.18.0) +11 more potentially affected by CVE-2026-23947 via @orval/core (>=7.10.0 <=7.18.0)
@orval/core NPM version =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =1.0.1, =7.10.0, =7.10.0, =7.13.2 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...
@orval/angular (>=8.0.0 <=8.0.1), @orval/axios (>=8.0.0 <=8.0.1) +9 more potentially affected by CVE-2026-23947 via @orval/core (>=8.0.0-rc.0 <=8.0.1)
@orval/core NPM version =8.0.0-rc.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.1 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...
solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets
Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...
GHSA-RWR8-XRPW-9QF5 solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets
Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...
GHSA-58Q2-9X27-H2JM solspace/craft-freeform Has a DoS Vulnerability
Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...