32391 matches found

Snyk | added 2026/04/24 7:21 p.m. | 5 views

Prototype Pollution

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDirectKeys function in mergeConfig. An attacker can force a request configuration to inherit attacker-controlled properties by supplying ...

CVSS 8.2 | AI score 6.7 | EPSS 0.00289 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:21 p.m. | 4 views

Insertion of Sensitive Information Into Sent Data

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the request configuration handling in the adapters/xhr.js adapter and helpers/resolveConfig.js...

CVSS 6.1 | AI score 5.4 | EPSS 0.00228 | Exploits 1 | References 3

Snyk | added 2026/04/24 7:21 p.m. | 16 views

Insertion of Sensitive Information Into Sent Data

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the request configuration handling in the adapters/xhr.js adapter and helpers/resolveConfig.js. An attacker can...

CVSS 6.1 | AI score 5.4 | EPSS 0.00228 | Exploits 1 | References 3

Snyk | added 2026/04/24 7:21 p.m. | 10 views

Improper Encoding or Escaping of Output

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the encode function in AxiosURLSearchParams. An attacker can smuggle a NUL byte into serialized query strings by supplying...

CVSS 6.3 | AI score 5.5 | EPSS 0.00217 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:21 p.m. | 7 views

Improper Encoding or Escaping of Output

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the encode function in AxiosURLSearchParams. An attacker can smuggle a NUL byte into serialized query...

CVSS 6.3 | AI score 5.5 | EPSS 0.00217 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:21 p.m. | 5 views

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the deserialization process. An attacker can cause excessive memory allocation leading to process crashes by submitting a specially crafted payload. Remediation: Upgrade...

CVSS 8.7 | AI score 5.8 | EPSS 0.0032 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:21 p.m. | 5 views

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the deserialization process. An attacker can cause excessive memory allocation leading to process crashes by submitting a specially crafted payload. Remediation: Upgrade...

CVSS 8.7 | AI score 5.8 | EPSS 0.0032 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:21 p.m. | 5 views

Prototype Pollution

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the mergeConfig code path in the request configuration handling. An attacker can influence request behavior by supplying a...

CVSS 9.1 | AI score 6.6 | EPSS 0.00381 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:21 p.m. | 5 views

Prototype Pollution

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the mergeConfig code path in the request configuration handling. An attacker can influence request behavior by supplying a crafted config obje...

CVSS 9.1 | AI score 6.6 | EPSS 0.00381 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body...

CVSS 6.9 | AI score 5.6 | EPSS 0.00327 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 8 views

Allocation of Resources Without Limits or Throttling

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body larger than the...

CVSS 6.9 | AI score 5.6 | EPSS 0.00327 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 3 views

Incomplete List of Disallowed Inputs

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the isLoopback host check in the proxy helper, which relied on a static list of LOOPBACKADDRESSES. An attacker ca...

CVSS 10 | AI score 5.4 | EPSS 0.01075 | Exploits 2 | References 3

Snyk | added 2026/04/24 7:20 p.m. | 7 views

Incomplete List of Disallowed Inputs

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the isLoopback host check in the proxy helper, which relied on a static list of LOOPBACKADDRESSES. An attacker can route requests...

CVSS 10 | AI score 5.4 | EPSS 0.01075 | Exploits 2 | References 3

Snyk | added 2026/04/24 7:20 p.m. | 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaul...

CVSS 9.1 | AI score 5.8 | EPSS 0.00269 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaults configuration...

CVSS 9.1 | AI score 5.8 | EPSS 0.00269 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 4 views

HTTP Response Splitting

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the isFormData and getHeaders handling in the HTTP request path. An attacker can inject arbitrary request headers by supplying...

CVSS 9.1 | AI score 5.7 | EPSS 0.00394 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 10 views

HTTP Response Splitting

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the isFormData and getHeaders handling in the HTTP request path. An attacker can inject arbitrary request headers by supplying a...

CVSS 9.1 | AI score 5.7 | EPSS 0.00394 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 4 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: github.com/dgraph-io/dgraph/edgraph is a package of Dgraph, a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the addQueryIfUnique function. An...

CVSS 9.3 | AI score 5.8 | EPSS 0.00338 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: github.com/dgraph-io/dgraph/v25/edgraph is a package of Dgraph, a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the addQueryIfUnique function. An...

CVSS 9.3 | AI score 5.8 | EPSS 0.00338 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the HTTP response handling path in the http.js adapter. An attacker can force a client to...

CVSS 6.9 | AI score 5.8 | EPSS 0.00421 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:20 p.m. | 7 views

Allocation of Resources Without Limits or Throttling

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the HTTP response handling path in the http.js adapter. An attacker can force a client to accept and process ...

CVSS 6.9 | AI score 5.9 | EPSS 0.00421 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:19 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the AxiosHeaders normalization path and shouldBypassProxy helper. An attacker can smuggle CRLF and other control...

CVSS 7.5 | AI score 5.4 | EPSS 0.00301 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:19 p.m. | 13 views

Server-side Request Forgery (SSRF)

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the AxiosHeaders normalization path and shouldBypassProxy helper. An attacker can smuggle CRLF and other control characters into...

CVSS 7.5 | AI score 5.4 | EPSS 0.00301 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:19 p.m. | 7 views

CRLF Injection

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to CRLF Injection through the FormDataPart multipart header construction in the form-data streaming helper. An attacker can inject arbitrary multipart header...

CVSS 6.9 | AI score 5.7 | EPSS 0.0024 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:19 p.m. | 7 views

CRLF Injection

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to CRLF Injection through the FormDataPart multipart header construction in the form-data streaming helper. An attacker can inject arbitrary multipart headers by supplying a...

CVSS 6.9 | AI score 5.7 | EPSS 0.0024 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:18 p.m. | 4 views

Uncontrolled Recursion

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion through the toFormData recursive serializer in lib/helpers/toFormData.js. An attacker can crash a process by supplying a deeply...

CVSS 8.7 | AI score 5.5 | EPSS 0.00413 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:18 p.m. | 6 views

Uncontrolled Recursion

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion through the toFormData recursive serializer in lib/helpers/toFormData.js. An attacker can crash a process by supplying a deeply nested object as...

CVSS 8.7 | AI score 5.5 | EPSS 0.00413 | Exploits 1 | References 2

Snyk | added 2026/04/24 7:18 p.m. | 7 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the readBytes or readString functions in BitStreamReader when the setBitPosition process receives an overflowed value, bypassing bounds checks. An attacker can cause a segmentation fault and potentiall...

CVSS 8.7 | AI score 5.8 | EPSS 0.00328 | Exploits 1 | References 2

Snyk | added 2026/04/24 6:21 p.m. | 6 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:marked is a low-level compiler for parsing markdown without caching or blocking for long periods of time. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Tokenizer. An attacker can cause the application to...

CVSS 8.7 | AI score 5.7 | EPSS 0.00342 | Exploits 1 | References 2

Snyk | added 2026/04/24 6:21 p.m. | 9 views

Allocation of Resources Without Limits or Throttling

Overview: marked is a low-level compiler for parsing markdown without caching or blocking for long periods of time. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Tokenizer. An attacker can cause the application to exhaust system...

CVSS 8.7 | AI score 5.7 | EPSS 0.00342 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:39 p.m. | 8 views

Memory Allocation with Excessive Size Value

Overview: ParquetSharp is a .NET library for reading and writing Parquet files. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the DecimalConverter.ReadDecimal function. An attacker can cause a large stackalloc by supplying a Parquet file with a...

CVSS 8.7 | AI score 5.9 | EPSS 0.00273 | Exploits 0 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 4 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1 | AI score 5.5 | EPSS 0.00571 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 3 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1 | AI score 5.5 | EPSS 0.00571 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 3 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1 | AI score 5.5 | EPSS 0.00571 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 7 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1 | AI score 5.5 | EPSS 0.00571 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 4 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1 | AI score 5.5 | EPSS 0.00571 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 4 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

CVSS 9.1 | AI score 5.5 | EPSS 0.00571 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:37 p.m. | 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the objecttoexecution.go process. An attacker can execute unauthorized actions or inject malicious content by providing crafted AI-generated YAML that is...

CVSS 8.8 | AI score 5.9 | Exploits 0 | References 3

Snyk | added 2026/04/24 4:34 p.m. | 6 views

Arbitrary Command Injection

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Command Injection via...

CVSS 8.8 | AI score 6 | EPSS 0.00281 | Exploits 0 | References 2

Snyk | added 2026/04/24 4:32 p.m. | 6 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...

CVSS 10 | AI score 5.5 | EPSS 0.00515 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:32 p.m. | 5 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...

CVSS 10 | AI score 5.5 | EPSS 0.00515 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:32 p.m. | 5 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...

CVSS 10 | AI score 5.5 | EPSS 0.00515 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 4 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 4 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 4 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 6 views

Insufficient Verification of Data Authenticity

Overview: github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 5 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 5 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 3 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Snyk | added 2026/04/24 4:31 p.m. | 4 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 | AI score 5.5 | EPSS 0.00255 | Exploits 1 | References 2

Total number of security vulnerabilities: 32391