axios vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-44496 | High | axios: Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection |
| CVE-2026-44488 | High | axios: Allocation of Resources Without Limits or Throttling in Axios |
| CVE-2026-44487 | High | axios: Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios… |
| CVE-2026-44486 | High | axios: Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct… |
| CVE-2026-44495 | High | axios: axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in… |
| CVE-2026-44494 | High | axios: axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` |
| CVE-2026-44492 | High | axios: axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass… |
| CVE-2026-44490 | Medium | axios: axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions |
| CVE-2026-44489 | Low | axios: Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete… |
| CVE-2026-42037 | Medium | axios: Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream |
| CVE-2026-42038 | Medium | axios: Axios: no_proxy bypass via IP alias allows SSRF |
| CVE-2026-42039 | Medium | axios: Axios: unbounded recursion in toFormData causes DoS via deeply nested request data |
| CVE-2026-42034 | Medium | axios: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 |
| CVE-2026-42036 | Medium | axios: Axios: HTTP adapter streamed responses bypass maxContentLength |
| CVE-2026-42033 | High | axios: Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking |
| CVE-2026-42035 | High | axios: Axios: Header Injection via Prototype Pollution |
| CVE-2026-42042 | Medium | axios: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean… |
| CVE-2026-42041 | Medium | axios: Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy |
| CVE-2026-42043 | High | axios: Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback… |
| CVE-2026-42044 | Medium | axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` |
| CVE-2026-42264 | High | axios: Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and… |
| CVE-2026-42040 | Low | axios: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams |
| CVE-2026-40175 | Medium | axios: Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain |
| CVE-2025-62718 | Medium | axios: Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF |
| CVE-2026-39865 | Medium | axios: Axios HTTP/2 Session Cleanup State Corruption Vulnerability |
