CVE-2026-44488 Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

EUVD-2026-36261

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust...

Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

EUVD-2026-25602

Axios: HTTP adapter streamed responses bypass maxContentLength...

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the HTTP response handling path in the http.js adapter. An attacker can force a client to accept and process ...

CVE-2026-42036

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

CVE-2026-42036 Axios: HTTP adapter streamed responses bypass maxContentLength

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

CVE-2026-42036 Axios: HTTP adapter streamed responses bypass maxContentLength

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise from using responseType set to stream, causing Axios to return response streams without enforcing maxContentLength, thereby bypassing the...

PT-2024-33677 · Werkzeug +5 · Werkzeug +5

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6 Description: Applications using werkzeug.formparser.MultiPartParser to parse multipart/form-data requests are vulnerable to a relatively simple but effective resource exhaustion attack. A specifically crafted...

Denial Of Service (DoS)

github.com/42atomys/stud42 is vulnerable to Denial of Service DoS. The vulnerability exits due to the graphQL parser which has the potential to overload the API pod because it does not check for a max content length, resulting in an attacker crashing the application...

UBUNTU-CVE-2019-10742

Axios up to and including 0.18.0 allows attackers to cause a denial of service application crash by continuing to accepting content after maxContentLength is exceeded...

Denial of Service (DoS)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Denial of Service DoS due to content continuing to be accepted from requests after maxContentLength is exceeded. PoC require'axios'.get...

PT-2010-3673 · Sblim · Sblim-Sfcb

Name of the Vulnerable Software and Affected Versions: SBLIM SFCB versions 1.3.4 through 1.3.7 Description: The issue is related to an integer overflow in the httpAdapter.c component of SBLIM SFCB. This occurs when the configuration sets httpMaxContentLength to a zero value, allowing remote...