Lucene search
K

933 matches found

Patchstack
Patchstack
added 2026/05/05 12:19 a.m.9 views

NPM: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

NPM: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in parseReviver vulnerability discovered by ? in WordPress Npm axios versions = 1.0.0, 1.15.2...

9.1CVSS5.8AI score0.00586EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 5:49 p.m.37 views

CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

6.5CVSS0.00586EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 5:49 p.m.5 views

CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

6.5CVSS5.3AI score0.00586EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 had security vulnerabilities. These vulnerabilities stemmed from the use of the transformResponse function during JSON parsing, where the parseReviver function from the merge configuration object was...

9.1CVSS5.8AI score0.00586EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in meteor-meissa-airbnb-outercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90614fd54ad4b93ad60971086709bbd736fc4d959596cc79df4ddb78e672937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in subduction-pulsar-yaml-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fdcdd77876d0905b0625c6064e91a7bcc7cf4dd76d43162bb3a86d9a6a56da5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-188599 Malicious code in pegasus-nightwatch-andromeda-prettier-stylelint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 456007ea7c3c7aa65a04e3206fa87137b64b1fb64e3134e83f1cae387acbc74e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.6 views

MAL-2025-187203 Malicious code in got-paleoclimatology-nebula-commitizen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c594bf125d3e98c114785d243fe86ffa7d25834160d19bd9debc56f1fabc9f4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-187550 Malicious code in isostasy-ganymede-archaeogenetics-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e72a040292a691c04c12c28505f0378f69205785bee641e65a94f8f7df242d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in lyra-warp-dactyl-interferometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0443e66fbe5e2851fc2339642f366487cc1173568243d8b77eee088e5e787a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in supercluster-vortex-blackhole-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a840cb750914a2d75e4627c09a5d65fdf3f78ccd08344dfc9f366053fad4d11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in rollup-neptune-webdriver-manager-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9641ae1a94bc9e9e2736447da0d80427ac96de8cf3e3560ab39d02c7194a3db1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.9 views

Malicious code in air-easy-dog-float-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5383247b85e0c729c376c538e98461587e02a8093897571bde55b8c251dcdfe9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in hexo-restart-farout-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5247e16048caf71cba989ce7d7576f498fa66a44e6060ab73d416196f8e68e95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in express-terraforming-nucleosynthesis-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d58c13e8ab6630647d9a08c3b65040effac140f3a388762a6acd5eee532a1a66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.11 views

Malicious code in cressida-jwt-loglevel-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c579391a28b717cc3bab01d83cefe0a9573ccb0c4b8dee4c27e98fcb9b1adac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in gatsby-await-palynology-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d70de77bf70ec7002d967b917e7a999162d78c5472219f6ee6d07e7dd73baa80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in phenomic-gemini-adonis-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70e473e63486e2e3fb28b1c74b916ee10e38ac8e36cf418dc8213946bf8a4a0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in weywot-wezen-bootes-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95af838a5409ad46c803f49911e5142c4505a584392775561fc0e5b1eb266f01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in jasmine-iota-apollo-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abb148d7fe3af5383c5182391ac79de62170ac8d4404462c54639a8bc134a119 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder