npm / axios

axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

수정: 2026. 6. 1.

axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

수정: 2026. 6. 8.

Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

수정: 2026. 5. 8.

Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

수정: 2026. 5. 6.

Denial of Service in axios

수정: 2023. 11. 8.

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

수정: 2026. 5. 8.

Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream

수정: 2026. 5. 6.

Axios is vulnerable to DoS attack through lack of data size check

수정: 2026. 2. 4.

Axios vulnerable to Server-Side Request Forgery

수정: 2023. 11. 8.

Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

수정: 2026. 5. 6.

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

수정: 2026. 6. 8.

Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

수정: 2026. 6. 1.

Axios: Header Injection via Prototype Pollution

수정: 2026. 5. 6.

Allocation of Resources Without Limits or Throttling in Axios

수정: 2026. 6. 4.

axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions

수정: 2026. 6. 1.

Server-Side Request Forgery in axios

수정: 2026. 2. 4.

axios Inefficient Regular Expression Complexity vulnerability

수정: 2023. 11. 8.

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

수정: 2026. 5. 20.

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

수정: 2026. 6. 4.

Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

수정: 2026. 6. 4.

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

수정: 2026. 2. 4.

Axios: no_proxy bypass via IP alias allows SSRF

수정: 2026. 5. 6.

Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

수정: 2026. 6. 4.

Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

수정: 2026. 5. 6.

axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

수정: 2026. 6. 1.

Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

수정: 2026. 5. 6.

Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

수정: 2026. 5. 12.

Axios HTTP/2 Session Cleanup State Corruption Vulnerability

수정: 2026. 5. 5.

Axios: HTTP adapter streamed responses bypass maxContentLength

수정: 2026. 5. 6.

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

수정: 2026. 5. 6.

Axios Cross-Site Request Forgery Vulnerability

수정: 2026. 2. 4.

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

수정: 2026. 5. 6.

Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

수정: 2026. 5. 6.

Malicious code in axios (npm)

수정: 2026. 4. 7.