GHSA-Q8QP-CVCW-X6JJ Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

Summary Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values ...

MAL-2025-15238 Malicious code in axios-http (npm)

The package axios-http was found to contain malicious code...

Malicious code in axios-http (npm)

The package axios-http was found to contain malicious code...

GHSA-R2RG-683G-FF96 Malicious Package in axios-http

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...

Malicious Package in axios-http

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...

Malicious Package

axios-http is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server which can potentially bridges to other attack vectors like remote code execution...