| CVE | Severity | Score | Age | Title | Ecosystems |
|---|---|---|---|---|---|
| CVE-2026-42043 | critical | 10.0 | 1mo ago | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 | debian, npm |
| CVE-2025-62718 | critical | 9.9 | 2mo ago | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… | suse, debian, npm |
| CVE-2026-42264 | critical | 9.1 | 20d ago | Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking | suse, debian, npm |
| CVE-2026-42044 | critical | 9.1 | 1mo ago | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` | debian, npm |
| CVE-2026-42041 | medium | 6.5 | 1mo ago | Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy | suse, debian, npm |
| CVE-2026-42042 | medium | 5.4 | 1mo ago | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | debian, npm |
| CVE-2026-42037 | medium | 5.3 | 1mo ago | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | debian, npm |
| CVE-2026-42036 | medium | 5.3 | 1mo ago | Axios: HTTP adapter streamed responses bypass maxContentLength | debian, npm |
| CVE-2026-42034 | medium | 5.3 | 1mo ago | Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 | debian, npm |
| CVE-2026-40175 | medium | 4.8 | 2mo ago | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | debian, npm |
| CVE-2026-42040 | low | 3.7 | 1mo ago | Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams | debian, npm |