Live data from GitHub and npm, updated daily.
Data last fetched: 2026-05-15
10 active CVEs reported via OSV.dev
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
Denial of Service in axios
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
Axios is vulnerable to DoS attack through lack of data size check
Axios vulnerable to Server-Side Request Forgery
Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
Axios: Header Injection via Prototype Pollution
Other Developer Tools projects in the Node.js ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Axios โ without relying on volunteer maintainers.
Talk to an Expert โ