Where
-Infinity
0

Trending

Last week
Last month
Last year

npm/axiosAxios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

Risk 66
Severity
9.1
First published (updated )
CVE-2026-42264

npm/axiosAxios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

Risk 34
Severity
5.4
First published (updated )
CVE-2026-42042

npm/axiosAxios: unbounded recursion in toFormData causes DoS via deeply nested request data

Risk 43
Severity
6.9
First published (updated )
CVE-2026-42039

npm/axiosAxios: HTTP adapter streamed responses bypass maxContentLength

Risk 27
Severity
5.3
First published (updated )
CVE-2026-42036

npm/axiosAxios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0

Risk 27
Severity
5.3
First published (updated )
CVE-2026-42034
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosAxios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream

Risk 27
Severity
5.3
First published (updated )
CVE-2026-42037

npm/axiosAxios: no_proxy bypass via IP alias allows SSRF

Risk 43
Severity
7.5
First published (updated )
CVE-2026-42038

npm/axiosAxios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Risk 40
Severity
6.5
First published (updated )
CVE-2026-42041

npm/axiosAxios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

Risk 73
Severity
10
First published (updated )
CVE-2026-42043

npm/axiosAxios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Risk 66
Severity
9.1
First published (updated )
CVE-2026-42044
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosAxios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Risk 20
Severity
3.7
First published (updated )
CVE-2026-42040

npm/axiosAxios: Header Injection via Prototype Pollution

Risk 56
Severity
7.4
First published (updated )
CVE-2026-42035

npm/axiosAxios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Risk 56
Severity
7.4
First published (updated )
CVE-2026-42033

npm/axiosAxios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Risk 92
Severity
10
First published (updated )
CVE-2026-40175

Axios Axios Node.jsAxios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Risk 72
Severity
9.3
First published (updated )
CVE-2025-62718
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosAxios HTTP/2 Session Cleanup State Corruption Vulnerability

Risk 35
Severity
5.9
First published (updated )
CVE-2026-39865

Axios Axios Node.jsAxios affected by Denial of Service via __proto__ Key in mergeConfig

Risk 31
Severity
7.5
EPSS
0.03%
First published (updated )
CVE-2026-25639

IBM Cloud Pak SystemAxios is vulnerable to DoS attack through lack of data size check

Risk 43
Severity
7.5
First published (updated )
CVE-2025-58754

npm/axiosPossible SSRF and Credential Leakage via Absolute URL in axios Requests

Risk 32
Severity
7.7
EPSS
0.05%
First published (updated )
CVE-2025-27152

Axios axiosIn axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an …

Risk 86
Severity
9.8
First published (updated )
CVE-2024-57965
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/axiosSSRF

Risk 45
Severity
7.5
First published (updated )
CVE-2024-39338

IBM Data Virtualization on Cloud Pak for DataCSRF

Risk 40
Severity
6.5
First published (updated )
CVE-2023-45857

Siemens Sinec InsInefficient Regular Expression Complexity in axios/axios

Risk 46
Severity
7.8
First published (updated )
CVE-2021-3749

Axios Axios Node.jsAxios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) b…

Risk 43
Severity
7.5
First published (updated )
CVE-2019-10742

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203