Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded yesterday2 views

UBUNTU-CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.4AI score0.0004EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2 days ago4 views

CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.4AI score0.0004EPSS
Exploits1
Snyk
Snykadded 2026/06/04 2:21 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust server resource...

7.5CVSS5.5AI score0.0004EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/05 12:33 a.m.6 views

EUVD-2026-25601

Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0...

5.3CVSS5.8AI score0.00096EPSS
Exploits1References2
OSV
OSVadded 2026/05/05 12:33 a.m.3 views

GHSA-5C9X-8GCM-MPGX Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

Summary For stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 native http/https transport path. Oversized streamed uploads are sent fully even when the caller sets strict body limits. Details Relevant flow in lib/adapters/http.js: - 556-564: maxBodyLength check applie...

5.3CVSS5.8AI score0.00096EPSS
Exploits1References3
Veracode
Veracodeadded 2026/04/30 5:14 a.m.6 views

Stream Request Bypass

Axios is vulnerable to Stream Request Bypass. The vulnerability is due to the bypassing of maxBodyLength when maxRedirects is set to 0 for stream request bodies, where oversized streamed uploads are sent fully even when the caller sets strict body limits...

5.3CVSS5.2AI score0.00096EPSS
Exploits1References3Affected Software1
Snyk
Snykadded 2026/04/24 7:20 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body larger than the...

6.9CVSS5.6AI score0.00096EPSS
Exploits1References2
Rows per page
Query Builder