Axios
By the Year
In 2024 there have been 0 vulnerabilities in Axios. Last year Axios had 1 security vulnerability published. Right now, Axios is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 6.50 |
2022 | 0 | 0.00 |
2021 | 1 | 7.50 |
2020 | 1 | 5.90 |
2019 | 1 | 7.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Axios vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Axios Security Vulnerabilities
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host
CVE-2023-45857
6.5 - Medium
- November 08, 2023
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
Session Riding
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3749
7.5 - High
- August 31, 2021
axios is vulnerable to Inefficient Regular Expression Complexity
ReDoS
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL
CVE-2020-28168
5.9 - Medium
- November 06, 2020
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
XSPA
Axios up to and including 0.18.0
CVE-2019-10742
7.5 - High
- May 07, 2019
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
Improper Input Validation