VIR Vulnerability Intelligence Relay

Package impact

npm npm / axios

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44495 unknown 6d ago axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
CVE-2026-44494 unknown 6d ago axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
CVE-2026-44492 unknown 6d ago axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
CVE-2026-44490 unknown 6d ago axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
CVE-2026-44489 unknown 6d ago Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix