VIR Vulnerability Intelligence Relay

Package impact

npm NPM / axios

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42043 critical 10.0 10.0 1mo ago Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 debiannpm
CVE-2026-42264 critical 9.1 9.1 20d ago Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking susedebiannpm
CVE-2026-42044 critical 9.1 9.1 1mo ago Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` debiannpm
CVE-2026-42040 low 3.7 3.7 1mo ago Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams debiannpm