Axios Exposure

JavaScript libraries
Exposure score: 83
Sites using it: 111,117
Being exploited: 0
Critical: 0

CVEs

30 results
CVE-2019-10742 (EPSS 6.0%): Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after
CVE-2026-25639 (HIGH, EPSS 1.2%): Axios affected by Denial of Service via __proto__ Key in mergeConfig
CVE-2025-58754 (HIGH, EPSS 1.1%): Axios is vulnerable to DoS attack through lack of data size check
CVE-2025-62718 (MEDIUM, EPSS 1.1%): Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
CVE-2026-40175 (MEDIUM, EPSS 0.9%): Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
CVE-2025-27152 (HIGH, EPSS 0.8%): Possible SSRF and Credential Leakage via Absolute URL in axios Requests
CVE-2026-39865 (MEDIUM, EPSS 0.7%): Axios HTTP/2 Session Cleanup State Corruption Vulnerability
CVE-2026-44492 (HIGH, EPSS 0.5%): Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
CVE-2026-44494 (HIGH, EPSS 0.5%): Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
CVE-2026-42036 (MEDIUM, EPSS 0.4%): Axios: HTTP adapter streamed responses bypass maxContentLength
CVE-2026-42264 (HIGH, EPSS 0.4%): Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking
CVE-2026-42039 (MEDIUM, EPSS 0.4%): Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
CVE-2026-42043 (HIGH, EPSS 0.4%): Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
CVE-2026-42035 (HIGH, EPSS 0.4%): Axios: Header Injection via Prototype Pollution
CVE-2026-44487 (HIGH, EPSS 0.4%): Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter
CVE-2026-42033 (HIGH, EPSS 0.4%): Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking
CVE-2026-44496 (HIGH, EPSS 0.3%): Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
CVE-2026-44488 (HIGH, EPSS 0.3%): Axios: Allocation of Resources Without Limits or Throttling in axios
CVE-2024-57965 (NONE, EPSS 0.3%): In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted s
CVE-2026-42034 (MEDIUM, EPSS 0.3%): Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0
