GHSA-777C-7FJR-54VF Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

CVE-2025-58754

CVE-2025-58754 affects Axios (Node.js) where, in versions prior to 0.30.2 and 1.12.0, processing a data: URL causes the Node http adapter to decode the entire payload into memory, bypassing maxContentLength/maxBodyLength, and return a synthetic 200 response. This can lead to unbounded memory allo...