Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]

56% confidence

Description

oss-sec mailing list archives From : Michael Straßberger <m.strassberger () metaways de> Date : Tue, 31 Mar 2026 09:29:05 +0200 Hello OSS-Security, since I haven't seen yet a post about this: There was a Supply Chain attack targeting the npm package- axios. Axios is a widely spread and used Javascript library. Some more discussions are happening in a github Issue [0] From HackerNews[1]: Users who have Axios versions 1.14.1 or 0.30.4 installed are required to rotate their secrets and creden

Related News (4 articles)

Tier C

oss-security4h ago

Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]

→ No new info (linked only)

Tier D

BleepingComputer6h ago

Hackers compromise Axios npm package to drop cross-platform malware

→ No new info (linked only)

Tier D

Help Net Security8h ago

Axios npm packages backdoored in supply chain attack

→ No new info (linked only)

Tier D

The Hacker News14h ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedMar 31, 2026

Last enriched3h ago

Trending Score39

Source articles4

Independent4

Info Completeness2/14

Missing: cve_id, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: reported

Confidence: 56%

Vulnerability Timeline

CVE Published

Mar 31, 2026

Discovered by ZDM

Mar 31, 2026