4641 matches found
SSRF (Server Side Request Forgery) axios Dependency in Jira Software Data Center and Server
This High severity SSRF Server Side Request Forgery vulnerability known as CVE-2025-27152 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P allows a...
Security Bulletin: Multiple vulnerabilities in IBM QRadar Use Case Manager app
Summary Multiple vulnerabilities were addressed in IBM QRadar Use Case Manager app version 4.1.0 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...
Axios Systems Assyst 安全漏洞
Axios Systems Assyst is an off-the-shelf application from Axios Systems, UK, for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst has a security vulnerability that stems from a specially crafted dict ke...
Security Bulletin: IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754.
Summary IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Wh...
Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)
Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-58754)
Summary axios is vulnerable to Denial of Service attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and...
Malicious code in axios-cancelable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7210c0ae0996b1026ba173fc3f0628154433a7a8ba971106d24dab744d6d28ec The package axios-cancelable was found to contain malicious code. Source: ghsa-malware 34b03d17fe2a4d83f67cbda737712693abb19fc4da135fab010adb7aeeb82d...
EUVD-2025-199373
Malicious code in axios-cancelable npm...
MAL-2025-191389 Malicious code in axios-cancelable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7210c0ae0996b1026ba173fc3f0628154433a7a8ba971106d24dab744d6d28ec The package axios-cancelable was found to contain malicious code. Source: ghsa-malware 34b03d17fe2a4d83f67cbda737712693abb19fc4da135fab010adb7aeeb82d...
EUVD-2025-199187
Malicious code in axios-timed npm...
Malicious code in axios-timed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ab662813496549443a6e93b09a2f5fe8268f47117b82805c40b631d7ed3d1f7 The package axios-timed was found to contain malicious code. Source: ghsa-malware 1ffd6b2c5ba321504c3373b543278ee5f5a0f3de43e0c7cca70793a90a7680a8 An...
MAL-2025-191068 Malicious code in axios-timed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ab662813496549443a6e93b09a2f5fe8268f47117b82805c40b631d7ed3d1f7 The package axios-timed was found to contain malicious code. Source: ghsa-malware 1ffd6b2c5ba321504c3373b543278ee5f5a0f3de43e0c7cca70793a90a7680a8 An...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
axios-basic-logger (=1.0.0), react-micromodal.js (=1.0.0) potentially affected by unknown CVE via pico-uid (=1.0.2)
pico-uid NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on pico-uid and may be impacted: - axios-basic-logger =1.0.0 - react-micromodal.js =1.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-PICOUID-14103684...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
trust-my-travel (>=0.1.0 <=0.1.2), zapier-axios (>=0.1.4 <=0.1.8) potentially affected by unknown CVE via axios-timed (=1.0.0)
axios-timed NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios-timed and may be impacted: - trust-my-travel =0.1.0, =0.1.4, =0.1.8 Source cves: unknown CVE Source advisory: SNYK:JS-AXIOSTIMED-14103576...
Malicious code in axios-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c726ee1f437e2d41e6315304248feeb9214b2418b2a9662d27e0adec579c454 The package axios-builder was found to contain malicious code. Source: ghsa-malware f8ff42a488c5cabfb90c3ab47735ddb22959b3dfe23243360ac54c4db3da54af...
EUVD-2025-198845
Malicious code in axios-builder npm...
MAL-2025-190832 Malicious code in axios-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c726ee1f437e2d41e6315304248feeb9214b2418b2a9662d27e0adec579c454 The package axios-builder was found to contain malicious code. Source: ghsa-malware f8ff42a488c5cabfb90c3ab47735ddb22959b3dfe23243360ac54c4db3da54af...