Where
-Infinity
0

Trending

Last week
Last month
Last year

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Ax…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2461629

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toForm…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2461630

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an att…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2461626

npm/axiosAxios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

Risk 34
Severity
5.4
First published (updated )
CVE-2026-42042

npm/axiosAxios: unbounded recursion in toFormData causes DoS via deeply nested request data

Risk 43
Severity
6.9
First published (updated )
CVE-2026-42039
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prot…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2461606

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when O…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2461607

npm/axiosAxios: HTTP adapter streamed responses bypass maxContentLength

Risk 27
Severity
5.3
First published (updated )
CVE-2026-42036

npm/axiosAxios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0

Risk 27
Severity
5.3
First published (updated )
CVE-2026-42034

npm/axiosAxios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream

Risk 27
Severity
5.3
First published (updated )
CVE-2026-42037
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosAxios: no_proxy bypass via IP alias allows SSRF

Risk 43
Severity
7.5
First published (updated )
CVE-2026-42038

npm/axiosAxios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Risk 40
Severity
6.5
First published (updated )
CVE-2026-42041

npm/axiosAxios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

Risk 73
Severity
10
First published (updated )
CVE-2026-42043

npm/axiosAxios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Risk 66
Severity
9.1
First published (updated )
CVE-2026-42044

npm/axiosAxios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Risk 20
Severity
3.7
First published (updated )
CVE-2026-42040
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosAxios: Header Injection via Prototype Pollution

Risk 56
Severity
7.4
First published (updated )
CVE-2026-42035

npm/axiosAxios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Risk 56
Severity
7.4
First published (updated )
CVE-2026-42033

Axios 10 / 10 CVE is not realistically exploitable - CVE-2026-40175

First published (updated )
Social
reddit

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2457432

npm/axiosSSRF

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2456913
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-secAxios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]

First published (updated )
https://seclists.org/oss-sec/2026/q2/44

First analysis & detection pack for the Claude Code source leak

First published (updated )
Social
reddit

oss-secAxios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]

First published (updated )
https://seclists.org/oss-sec/2026/q1/421

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig f…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2438237

npm/axiosAxios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.11.0…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2394735
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203