14 matches found
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...
Security Bulletin: IBM Edge Data Collector uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264
Summary IBM Edge Data Collector Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From...
PT-2026-44909
Patch Bypass Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2 Summary The Object.create(null) fix introduced in Axios 1.15.2 (GHSA-q8qp-cvcw-x6jj) protects the top-level config object from prototype pollution. However, nested objects created...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.15.1) +8768 more potentially affected by CVE-2026-42039 via axios (>=1.0.0 <=1.15.0)
axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.1.0, =1.1.0, =0.1.0, =1.0.21, =0.1.4, =0.1.0, =1.0.10, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0-beta.18 and more Source cves: CVE-2026-42039 Source advisory: OSV:GHSA-62HF-57XW-28J9...
PT-2026-32030
Name of the Vulnerable Software and Affected Versions axios versions prior to 1.15.0 axios versions prior to 0.3.1 Description The axios library is vulnerable to a gadget attack chain where prototype pollution in any third-party dependency can be escalated. This occurs because the library does no...
Linux Distros Unpatched Vulnerability : CVE-2026-25639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeErro...
CVE-2025-58754
CVE-2025-58754 affects Axios (Node.js) where, in versions prior to 0.30.2 and 1.12.0, processing a data: URL causes the Node http adapter to decode the entire payload into memory, bypassing maxContentLength/maxBodyLength, and return a synthetic 200 response. This can lead to unbounded memory allo...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. CWE:CWE-918: Server-Sid...
SUSE CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href', href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
CVE-2024-57965
CVE-2024-57965 is a vulnerability in axios (before 1.7.8) where isURLSameOrigin.js does not use a URL object to determine origin and may perform an unwanted setAttribute('href', href). IBM security bulletins align this CVE with IBM Db2 Big SQL on Cloud Pak for Data and related products, noting an...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href', href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
SSRF (Server-Side Request Forgery) axios (NPM) in Crowd Data Center
This High severity SSRF (Server-Side Request Forgery) and Third-Party Dependency vulnerability was introduced in versions 6.0.4 and 6.1.2 of Crowd Data Center. This SSRF (Server-Side Request Forgery) and Third-Party Dependency vulnerability, caused by Axios 1.6.8, with a CVSS Score of 8.6, allows an...
UBUNTU-CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
DEBIAN-CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...