Home / Security updates / Security Advisory: Axios npm Supply Chain Attack (March 31, 2026)
Security Advisory: Axios npm Supply Chain Attack (March 31, 2026)
Security updates detail rendered from /security-updates/upd_1a9efb68d0170642.
Overview
| ID | upd_1a9efb68d0170642 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Orca Security |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_1a9efb68d0170642 |
| providerId | safebase |
| organizationId | org_cf1d9d80753d6271 |
| trustCenterId | tc_1e9f331a47b52f04 |
| title | Security Advisory: Axios npm Supply Chain Attack (March 31, 2026) |
| message | On March 31, 2026, two malicious versions of the Axios npm package (v1.14.1 and v0.30.4) were published via a compromised maintainer account, deploying a cross-platform Remote Access Trojan to affected systems. We have reviewed our dependencies and confirmed that Orca Security does not use the affected versions. Our environments were not impacted by this incident. |
| url | - |
| publishedAt | 2026-04-05 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_cf1d9d80753d6271",
"name": "Orca Security",
"domains": [
"trustcenter.orca.security",
"orca.security"
]
} |
| trust_center | {
"id": "tc_1e9f331a47b52f04",
"name": "Orca Security",
"url": "https://trustcenter.orca.security",
"host": "trustcenter.orca.security"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_1a9efb68d0170642",
"company": "/v1/companies/org_cf1d9d80753d6271",
"trust_center": "/v1/trust-centers/tc_1e9f331a47b52f04",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_1a9efb68d0170642JSON