6 matches found

OSV
added 2026/05/05 12:19 a.m., 3 views

GHSA-3W6X-2G7M-8V23 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Vulnerability Disclosure: Invisible JSON Response Tampering via Prototype Pollution Gadget in parseReviver. Summary: The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical...

CVSS 6.5 | AI score 5.9 | EPSS 0.00269
Exploits: 1 | References: 3

Patchstack
added 2026/05/05 12:19 a.m., 6 views

NPM: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

NPM: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in parseReviver vulnerability discovered by ? in WordPress Npm axios versions = 1.0.0, 1.15.2...

CVSS 9.1 | AI score 5.8 | EPSS 0.00269
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2026/04/30 9:31 a.m., 6 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of the parseReviver property in the transformResponse function, which allows an attacker to exploit a polluted Object.prototype and manipulate JSON response data, leading to privilege escalation and...

CVSS 9.1 | AI score 5.2 | EPSS 0.00269
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/24 5:49 p.m., 27 views

CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Axios is a promise-based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

CVSS 6.5 | EPSS 0.00269
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/24 5:49 p.m., 2 views

CVE-2026-42044

Axios is a promise-based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

CVSS 6.5 | AI score 5.3 | EPSS 0.00269
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/24 5:49 p.m., 3 views

CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Axios is a promise-based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible...

CVSS 6.5 | AI score 5.3 | EPSS 0.00269
Exploits: 1 | References: 1