PatchSiren

axios CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM axios CVE published 2026-04-09

CVE-2025-62718

CVE-2025-62718 describes a proxy-bypass weakness in Axios' NO_PROXY handling. When hostname normalization is incorrect, requests aimed at loopback-style targets such as "localhost." (with a trailing dot) or "[::1]" can fail to match NO_PROXY and be sent through the configured proxy instead. In environments that rely on proxy rules to keep loopback or internal traffic local, this can create SSRF-style exposure t [truncated]

HIGH axios CVE published 2026-02-09

CVE-2026-25639

CVE-2026-25639 affects Axios versions before 0.30.3 and 1.13.5. A malicious configuration object can trigger a TypeError in mergeConfig when __proto__ is present as an own property, which can crash the application path and cause a complete denial of service. The issue was publicly disclosed on 2026-02-09, and vendor fixes are available in the Axios patches and release notes.

HIGH axios CVE published 2024-10-01

CVE-2021-3749

CVE-2021-3749 is a HIGH severity vulnerability (CVSS 7.5) affecting Subnet Solutions Inc. PowerSYSTEM Center, published by CISA on October 1, 2024. The vulnerability stems from the product's use of Axios, a popular JavaScript HTTP client library, which contains an inefficient regular expression complexity flaw. This issue can lead to denial of service conditions through resource exhaustion when processing [truncated]