VIR Vulnerability Intelligence Relay

Package impact

npm NPM / axios

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42041 medium 6.5 6.5 1mo ago Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy susedebiannpm
CVE-2026-42042 medium 5.4 5.4 1mo ago Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion debiannpm
CVE-2026-42037 medium 5.3 5.3 1mo ago Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream debiannpm
CVE-2026-42036 medium 5.3 5.3 1mo ago Axios: HTTP adapter streamed responses bypass maxContentLength debiannpm
CVE-2026-42034 medium 5.3 5.3 1mo ago Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 debiannpm
CVE-2026-40175 medium 4.8 4.8 2mo ago Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain debiannpm
CVE-2026-42040 low 3.7 3.7 1mo ago Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams debiannpm