axios

Top products

The 15 most recently published vulnerabilities affecting axios.

• CVE-2026-44486Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection7.5Jun 11, 2026
• CVE-2026-44487Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter7.5Jun 11, 2026
• CVE-2026-44488Axios: Allocation of Resources Without Limits or Throttling in axios7.5Jun 11, 2026
• CVE-2026-44490Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions4.8Jun 11, 2026
• CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection7.5Jun 11, 2026
• CVE-2026-44495Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge7.0Jun 11, 2026
• CVE-2026-44494Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`8.7Jun 11, 2026
• CVE-2026-44489Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix3.7Jun 11, 2026
• CVE-2026-44492Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)8.6Jun 11, 2026
• CVE-2026-42264Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking7.4May 8, 2026
• CVE-2026-42042Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion5.4Apr 24, 2026
• CVE-2026-42039Axios: unbounded recursion in toFormData causes DoS via deeply nested request data7.5Apr 24, 2026
• CVE-2026-42036Axios: HTTP adapter streamed responses bypass maxContentLength5.3Apr 24, 2026
• CVE-2026-42034Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 05.3Apr 24, 2026
• CVE-2026-42037Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream5.3Apr 24, 2026