Security Intel Hub 23+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Filter

KEV only

Verified PoC

Clear filters

High

Axios Security Patches: CRLF Injection, Prototype Pollution, and Arbitrary File Upload Fixes

github.com · 2026-05-08

axios

High

Axios Prototype Pollution Leading to Request Hijacking (GHSA-q8qp-cvcw-x6jg)

GHSA-q8qp-cvcw-x6jg · github.com · 2026-05-08

Axios HTTP client library

High

Axios Prototype Pollution Leading to Credential Injection and SSRF

github.com · 2026-05-08

axios >=1.0.0

High

Axios v1.15.2 Prototype Pollution Fix and SSRF Mitigation

github.com · 2026-05-08

Axios < v1.15.2

High

[Patch Bypass] Incomplete Fix for GHSA-3p68-rc4w-qgx5 (CVE-2025-62718) — NO_PROXY Protection Bypassed via RFC 1122 Loopb

CVE-2025-62718 · github.com · 2026-04-25

Axios <=1.15.0

High

Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy · Advisory · axios/axios · GitHu

github.com · 2026-04-25

axios v0.x · axios v1.x …

Critical

Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` · Advisory · axios/axios · GitHub

github.com · 2026-04-25

axios >=1.0.0

Medium

XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion · Advisory · axios/ax

CVE-2026-4242 · github.com · 2026-04-25

axios <1.15.0 · axios <0.31.0

Medium

CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream · Advisory · axios/axios · GitH

github.com · 2026-04-25

axios >= 1.0.0

Medium

axios: unbounded recursion in toFormData causes DoS via deeply nested request data · Advisory · axios/axios · GitHub

CVE-2026-42039 · github.com · 2026-04-25

axios <= 1.15.0 · axios < 0.31.0

Medium

HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 · Advisory · axios/axios · GitHub

CVE-2024-20534 · github.com · 2026-04-25

axios <= 1.15.0 · axios <= 0.31.0

Medium

no_proxy bypass via IP alias allows SSRF · Advisory · axios/axios · GitHub

CVE-2026-42538 · github.com · 2026-04-25

axios <=1.15.0 · axios <0.31.0

Medium

HTTP adapter streamed responses bypass maxContentLength · Advisory · axios/axios · GitHub

github.com · 2026-04-25

axios < 1.15.0 · axios < 0.31.0

High

Prototype Pollution Gadgets in axios: Response Tampering, Data Exfiltration, and Request Hijacking · Advisory · axios/ax

github.com · 2026-04-25

axios <=1.15.0 · axios <0.31.0

Low

Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams · Advisory · axios/axios · GitHub

github.com · 2026-04-25

axios <= 1.15.0 · axios <= 0.31.0

High

Header Injection via Prototype Pollution · Advisory · axios/axios · GitHub

CVE-2024-2035 · github.com · 2026-04-25

axios <=1.15.0 · axios <=0.31.0

Unknown

Axios Fix: Sanitization of Invalid Characters in HTTP Request Headers

github.com · 2026-04-18

### Vulnerability Overview This vulnerability involves issues with handling invalid characters in HTTP requests. Specifically, when an invalid character appears in the request header, it may lead to s…

High

Axios v0.x Header Injection and Proxy Bypass Vulnerability Fix

github.com · 2026-04-18

axios v0.x

High

Axios CRLF Header Injection Leading to Cloud Metadata Exfiltration Fix

github.com · 2026-04-11

### Vulnerability Overview **Title**: `fix: unrestricted cloud metadata exfiltration via header injection chain #10660` This is a security fix for the Axios library aimed at preventing attackers from …

High

Axios SSRF Vulnerability: no_proxy Bypass via Hostname Normalization Flaw

github.com · 2026-04-10

axios

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.

Goal Reached Thanks to every supporter — we hit 100%!

Security Intel Hub 23+