| Severity | Score | ID | Title | Affected |
| --- | --- | --- | --- | --- |
| CRITICAL | 9.8 | CVE-2024-57965 | In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted… | from 0 |
| HIGH | 8.7 | CVE-2026-44494 | axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` | from 0 |
| HIGH | 8.6 | | axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718) | from 0 |
| HIGH | 7.5 | | Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection | from 0 |
| HIGH | 7.5 | | Allocation of Resources Without Limits or Throttling in Axios | from 0 |
| HIGH | 7.5 | | Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter | from 0 |
| HIGH | 7.5 | | Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection | from 0 |
| HIGH | 7.5 | | Axios: unbounded recursion in toFormData causes DoS via deeply nested request data | from 0 |
| HIGH | 7.5 | | Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig | from 0 |
| HIGH | 7.5 | | Axios is vulnerable to DoS attack through lack of data size check | from 0 |
| HIGH | 7.5 | | Server-Side Request Forgery in axios | from 0, < 1.7.4+dfsg-1 |
| HIGH | 7.5 | | axios Inefficient Regular Expression Complexity vulnerability | from 0, < 0.21.1+dfsg-1+deb11u1 |
| HIGH | 7.5 | | Denial of Service in axios | from 0, < 0.17.1+dfsg-2 |
| HIGH | 7.4 | | Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking | from 0 |
| HIGH | 7.4 | | Axios: Header Injection via Prototype Pollution | from 0 |
| HIGH | 7.4 | | Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking | from 0 |
| HIGH | 7.2 | | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 | from 0 |
| HIGH | 7.0 | | axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge | from 0 |
| MEDIUM | 6.8 | | Axios: no_proxy bypass via IP alias allows SSRF | from 0 |
| MEDIUM | 6.5 | | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` | from 0 |
| MEDIUM | 6.5 | | Axios Cross-Site Request Forgery Vulnerability | from 0 |
| MEDIUM | 5.9 | | Axios HTTP/2 Session Cleanup State Corruption Vulnerability | from 0 |
| MEDIUM | 5.9 | | Axios vulnerable to Server-Side Request Forgery | from 0, < 0.21.1+dfsg-1 |
| MEDIUM | 5.4 | | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | from 0 |
| MEDIUM | 5.3 | | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | from 0 |
| MEDIUM | 5.3 | | Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 | from 0 |
| MEDIUM | 5.3 | | Axios: HTTP adapter streamed responses bypass maxContentLength | from 0 |
| MEDIUM | 5.3 | | axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | from 0 |
| MEDIUM | 4.8 | | axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions | from 0 |
| MEDIUM | 4.8 | | Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy | from 0 |
| MEDIUM | 4.8 | | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | from 0 |
| MEDIUM | 4.8 | | Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF | from 0 |
| LOW | 3.7 | | Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix | from 0, < 1.16.0-1 |
| LOW | 3.7 | | Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams | from 0 |