axios — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting axios. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Axios is a widely adopted HTTP client for JavaScript environments, primarily utilized in browser and Node.js applications to simplify asynchronous data fetching. Despite its popularity, the library has faced 21 recorded Common Vulnerabilities and Exposures (CVEs), predominantly stemming from improper input validation and prototype pollution issues. These flaws often enable remote code execution or cross-site scripting attacks when user-controlled data is passed directly into configuration objects without sanitization. Notably, several vulnerabilities allowed attackers to bypass security controls by manipulating internal headers or request parameters. While Axios itself does not store data, its widespread integration into frontend frameworks makes it a frequent target for supply chain attacks. Developers must ensure strict input validation and keep dependencies updated to mitigate risks associated with these historical security gaps, particularly in applications handling sensitive user information.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42264 | Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking | axios | CWE-1321 | 7.4 | High | 2026-05-08 |
| CVE-2026-42042 | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | axios | CWE-183 | 5.4 | Medium | 2026-04-24 |
| CVE-2026-42039 | Axios: unbounded recursion in toFormData causes DoS via deeply nested request data | axios | CWE-674 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-42036 | Axios: HTTP adapter streamed responses bypass maxContentLength | axios | CWE-770 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42034 | Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 | axios | CWE-770 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42037 | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | axios | CWE-93 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42038 | Axios: no_proxy bypass via IP alias allows SSRF | axios | CWE-918 | 6.8 | Medium | 2026-04-24 |
| CVE-2026-42041 | Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy | axios | CWE-287 | 4.8 | Medium | 2026-04-24 |
| CVE-2026-42043 | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 | axios | CWE-183 | 7.2 | High | 2026-04-24 |
| CVE-2026-42044 | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` | axios | CWE-915 | 6.5 | Medium | 2026-04-24 |
| CVE-2026-42040 | Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams | axios | CWE-116 | 3.7 | Low | 2026-04-24 |
| CVE-2026-42035 | Axios: Header Injection via Prototype Pollution | axios | CWE-113 | 7.4 | High | 2026-04-24 |
| CVE-2026-42033 | Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking | axios | CWE-1321 | 7.4 | High | 2026-04-24 |
| CVE-2026-40175 | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | axios | CWE-113 | 4.8 | Medium | 2026-04-10 |
| CVE-2025-62718 | Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF | axios | CWE-441 | 7.4 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-39865 | Axios HTTP/2 Session Cleanup State Corruption Vulnerability | axios | CWE-400 | 5.9 | Medium | 2026-04-08 |
| CVE-2026-25639 | Axios affected by Denial of Service via __proto__ Key in mergeConfig | axios | CWE-754 | 7.5 | High | 2026-02-09 |
| CVE-2025-58754 | Axios is vulnerable to DoS attack through lack of data size check | axios | CWE-770 | 7.5 | High | 2025-09-12 |
| CVE-2025-27152 | Possible SSRF and Credential Leakage via Absolute URL in axios Requests | axios | CWE-918 | 10.0 | - | 2025-03-07 |
| CVE-2024-57965 | Axios security vulnerability | axios | CWE-346 | - | - | 2025-01-29 |
| CVE-2019-10742 | Axios input validation error vulnerability | axios | - | 7.5 | - | 2019-05-07 |

This page lists every published CVE security advisory associated with axios. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.