axios — Vulnerabilities & Security Advisories (20)

All 20 CVE vulnerabilities found in axios, with AI-generated Chinese analysis, references, and POCs.

Vendor: axios

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42042 | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | CWE-183 | 5.4 | Medium | 2026-04-24 |
| CVE-2026-42039 | Axios: unbounded recursion in toFormData causes DoS via deeply nested request data | CWE-674 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-42036 | Axios: HTTP adapter streamed responses bypass maxContentLength | CWE-770 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42034 | Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 | CWE-770 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42037 | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | CWE-93 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42038 | Axios: no_proxy bypass via IP alias allows SSRF | CWE-918 | 6.8 | Medium | 2026-04-24 |
| CVE-2026-42041 | Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy | CWE-287 | 4.8 | Medium | 2026-04-24 |
| CVE-2026-42043 | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 | CWE-183 | 7.2 | High | 2026-04-24 |
| CVE-2026-42044 | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` | CWE-915 | 6.5 | Medium | 2026-04-24 |
| CVE-2026-42040 | Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams | CWE-116 | 3.7 | Low | 2026-04-24 |
| CVE-2026-42035 | Axios: Header Injection via Prototype Pollution | CWE-113 | 7.4 | High | 2026-04-24 |
| CVE-2026-42033 | Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking | CWE-1321 | 7.4 | High | 2026-04-24 |
| CVE-2026-40175 | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | CWE-113 | 4.8 | Medium | 2026-04-10 |
| CVE-2025-62718 | Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF | CWE-441 | 7.4 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-39865 | Axios HTTP/2 Session Cleanup State Corruption Vulnerability | CWE-400 | 5.9 | Medium | 2026-04-08 |
| CVE-2026-25639 | Axios affected by Denial of Service via __proto__ Key in mergeConfig | CWE-754 | 7.5 | High | 2026-02-09 |
| CVE-2025-58754 | Axios is vulnerable to DoS attack through lack of data size check | CWE-770 | 7.5 | High | 2025-09-12 |
| CVE-2025-27152 | Possible SSRF and Credential Leakage via Absolute URL in axios Requests | CWE-918 | 10.0 | - | 2025-03-07 |
| CVE-2024-57965 | Axios security vulnerability | CWE-346 | - | - | 2025-01-29 |
| CVE-2019-10742 | Axios input validation error vulnerability | - | 7.5 | - | 2019-05-07 |
