25 matches found

IBM Security Bulletins
added 2026/06/03 7:18 a.m., 23 views

Security Bulletin: IBM Maximo Application Suite uses multiple third-party dependencies which are vulnerable to multiple CVEs.

Summary: IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl, ...

CVSS 9.8, AI score 7.5, EPSS 0.01026
Exploits: 6, Affected software: 1
Tenable Nessus
added 2026/04/27 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability: CVE-2026-42039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, s...

CVSS 7.5, AI score 5.8, EPSS 0.00413
Exploits: 1, References: 4
Snyk
added 2026/04/24 7:20 p.m., 0 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipe(req) upload path in the HTTP adapter. An attacker can send a streamed request body...

CVSS 6.9, AI score 5.6, EPSS 0.00327
Exploits: 1, References: 2
F5 Networks
added 2026/04/22 11:18 a.m., 9 views

K000160944: Axios NPM supply chain attack MAL-2026-2306 GHSA-fw8c-xr5c-95f9

Security Advisory Description: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer ma...

AI score 5.7
Exploits: 0
CISA
added 2026/04/20 12:00 p.m., 12 views

Supply Chain Compromise Impacts Axios Node Package Manager

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).[1] Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments...

AI score 6
Exploits: 0, References: 9
OSSF Malicious Packages
added 2026/04/15 9:40 a.m., 3 views

Malicious code in @athena-ui-components/axios (npm)

Per source details. Do not edit below this line.
Source: amazon-inspector ec575fc86c9df0e6b2ab1a970a32ecf46d6c83971e173f481ecf7e87184260a9. The package @athena-ui-components/axios was found to contain malicious code.
Source: ossf-package-analysis...

AI score 5.7
Exploits: 0
vulnersOsv
added 2026/04/14 1:11 a.m., 7 views

org.webjars.npm:axios (=0.15.3), org.webjars.npm:github-build (=1.2.0) +1 more potentially affected by CVE-2026-40895 via org.webjars.npm:follow-redirects (=1.0.0)

org.webjars.npm:follow-redirects (MAVEN) version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:follow-redirects and may be impacted:
- org.webjars.npm:axios =0.15.3
- org.webjars.npm:github-build =1.2.0
- ...

CVSS 7.5, AI score 5.8, EPSS 0.00296
Exploits: 0
Snyk
added 2026/04/08 3:51 p.m., 0 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Http2Sessions.getSession function in the HTTP/2 session cleanup. An attacker can cause th...

CVSS 8.2, AI score 5.8, EPSS 0.00731
Exploits: 1, References: 2
Tenable Nessus
added 2026/04/08 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability: CVE-2026-39865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Axios is a promise-based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a...

CVSS 5.9, AI score 5.8, EPSS 0.00731
Exploits: 1, References: 4
The Hacker News
added 2026/04/06 12:46 p.m., 16 views

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New...

CVSS 10, AI score 6.1, EPSS 0.99562
Exploits: 395
CNNVD
added 2026/04/06 12:00 a.m., 5 views

Bruno security vulnerability

Bruno is an open-source IDE developed by usebruno, designed for exploring and testing APIs. Versions of Bruno prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by a supply chain attack involving a tampered axios npm package, which could potentially deploy...

CVSS 9.8, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 4
The Hacker News
added 2026/04/03 11:04 a.m., 6 views

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering effor...

AI score 6
Exploits: 0
The Hacker News
added 2026/04/01 7:44 a.m., 5 views

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analy...

AI score 6.5
Exploits: 0
Malwarebytes
added 2026/03/31 2:53 p.m., 5 views

Axios supply chain attack chops away at npm trust

Researchers found that compromised Axios versions installed a Remote Access Trojan. Axios is a promise-based HTTP client for Node.js, basically a helper tool that developers use behind the scenes to let apps talk to the internet. For example, Axios makes requests such as “get my messages from the...

AI score 5.9
Exploits: 0
HackRead
added 2026/03/31 1:49 p.m., 5 views

Hackers Poison Axios npm Package with 100 Million Weekly Downloads

Axios npm package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide...

AI score 5.9
Exploits: 0
OSSF Malicious Packages
added 2026/03/31 3:15 a.m., 22 views

Malicious code in axios (npm)

Per source details. Do not edit below this line.
Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d. The package axios was found to contain malicious code.
Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e. Any...

AI score 5.9
Exploits: 0, References: 3
Snyk
added 2026/03/31 3:15 a.m., 10 views

Embedded Malicious Code

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan (RAT) and whose content was removed from the official package manager. A malicious actor...

CVSS 9.8, AI score 6
Exploits: 0, References: 2
EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-124682

Malicious code in mysql-apex-nova-axios (npm)...

AI score 6.6
Exploits: 0
Tenable Nessus
added 2025/08/26 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability: CVE-2020-28168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds...

CVSS 5.9, AI score 6.7, EPSS 0.02348
Exploits: 1, References: 2
OSV
added 2025/07/23 4:49 p.m., 10 views

GHSA-RM8P-CX58-HCVX Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data

Withdrawn Advisory: This advisory has been withdrawn because users of Axios 1.10.0 have the flexibility to use a patched version of form-data, the software in which the vulnerability originates, without upgrading Axios to address GHSA-fjxv-7rqg-78g4.

Original Description: A critical vulnerability...

CVSS 7.5, AI score 6.2, EPSS 0.01613
Exploits: 1, References: 8