Version 1.7.8

axios

Promise based HTTP client for the browser and node.js

Install Instructions

npm install axios
Current Version Release Date: November 25, 2024
Package URL (purl): pkg:npm/axios@1.7.8

axios Vulnerabilities

| CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
|---|---|---|---|---|---|
| CVE-2023-45857 | Medium 6.5 | CWE-352 | 0.0007 | 0.32258 | 1.0.0–1.5.1, 0.8.1–0.27.2 |
| CVE-2024-39338 | High 7.5 | CWE-918 | 0.00084 | 0.37307 | 1.3.2–1.7.3 |
| CVE-2020-28168 | Medium 5.9 | CWE-918 | 0.00274 | 0.68811 | 0.1.0–0.21.0 |
| CVE-2021-3749 | High 7.5 | CWE-1333, CWE-400 | 0.01883 | 0.88937 | 0.1.0–0.21.1 |
| CVE-2019-10742 | High 7.5 | CWE-755, CWE-20 | 0.00325 | 0.7154 | 0.1.0–0.18.0 |

axios Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2024-39338 | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. | 1.6.6, 1.6.2, 1.6.1, 1.6.0, 1.3.4, 1.7.2, 1.7.1, 1.3.6, … | Minor → 1.7.4 |
| CVE-2023-45857 | An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information. | 0.27.2, 0.27.0, 0.21.2, 0.22.0, 1.3.4, 1.2.2, 1.3.6, 1.3.5, … | Minor → 0.28.0 |
| CVE-2021-3749 | axios is vulnerable to Inefficient Regular Expression Complexity. | 0.20.0, 0.19.2, 0.1.0, 0.6.0, 0.16.1, 0.9.1, 0.2.1, 0.16.2, … | Minor → 0.28.0 |
| CVE-2020-28168 | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. | 0.20.0, 0.19.2, 0.1.0, 0.6.0, 0.16.1, 0.9.1, 0.2.1, 0.16.2, … | Minor → 0.28.0 |
| CVE-2019-10742 | Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded. | 0.1.0, 0.6.0, 0.16.1, 0.9.1, 0.2.1, 0.16.2, 0.14.0, 0.8.1, … | Minor → 0.28.0 |
