axios — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting axios. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by axios:axios axios/axios

CVE ID	Title	CVSS	Severity	Published
CVE-2026-42042	Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion — axiosCWE-183	5.4	Medium	2026-04-24
CVE-2026-42039	Axios: unbounded recursion in toFormData causes DoS via deeply nested request data — axiosCWE-674	7.5^AI	High^AI	2026-04-24
CVE-2026-42036	Axios: HTTP adapter streamed responses bypass maxContentLength — axiosCWE-770	5.3	Medium	2026-04-24
CVE-2026-42034	Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 — axiosCWE-770	5.3	Medium	2026-04-24
CVE-2026-42037	Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream — axiosCWE-93	5.3	Medium	2026-04-24
CVE-2026-42038	Axios: no_proxy bypass via IP alias allows SSRF — axiosCWE-918	6.8	Medium	2026-04-24
CVE-2026-42041	Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy — axiosCWE-287	4.8	Medium	2026-04-24
CVE-2026-42043	Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 — axiosCWE-183	7.2	High	2026-04-24
CVE-2026-42044	Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` — axiosCWE-915	6.5	Medium	2026-04-24
CVE-2026-42040	Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams — axiosCWE-116	3.7	Low	2026-04-24
CVE-2026-42035	Axios: Header Injection via Prototype Pollution — axiosCWE-113	7.4	High	2026-04-24
CVE-2026-42033	Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking — axiosCWE-1321	7.4	High	2026-04-24
CVE-2026-40175	Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain — axiosCWE-113	4.8	Medium	2026-04-10
CVE-2025-62718	Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF — axiosCWE-441	7.4^AI	High^AI	2026-04-09
CVE-2026-39865	Axios HTTP/2 Session Cleanup State Corruption Vulnerability — axiosCWE-400	5.9	Medium	2026-04-08
CVE-2026-25639	Axios affected by Denial of Service via __proto__ Key in mergeConfig — axiosCWE-754	7.5	High	2026-02-09
CVE-2025-58754	Axios is vulnerable to DoS attack through lack of data size check — axiosCWE-770	7.5	High	2025-09-12
CVE-2025-27152	Possible SSRF and Credential Leakage via Absolute URL in axios Requests — axiosCWE-918	10.0	-	2025-03-07
CVE-2024-57965	Axios 安全漏洞 — axiosCWE-346	-	-	2025-01-29
CVE-2021-3749	Inefficient Regular Expression Complexity in axios/axios — axios/axiosCWE-1333	7.5	-	2021-08-31
CVE-2019-10742	Axios 输入验证错误漏洞 — axios	7.5	-	2019-05-07

This page lists every published CVE security advisory associated with axios. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

axios — Vulnerabilities & Security Advisories 21