Axios
By the Year
In 2024 there have been 1 vulnerability in Axios with an average score of 7.5 out of ten. Last year Axios had 1 security vulnerability published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.00.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 7.50 |
2023 | 1 | 6.50 |
2022 | 0 | 0.00 |
2021 | 1 | 7.50 |
2020 | 1 | 5.90 |
2019 | 1 | 7.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Axios vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Axios Security Vulnerabilities
axios 1.7.2 allows SSRF
CVE-2024-39338
7.5 - High
- August 12, 2024
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
XSPA
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host
CVE-2023-45857
6.5 - Medium
- November 08, 2023
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Session Riding
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3749
7.5 - High
- August 31, 2021
axios is vulnerable to Inefficient Regular Expression Complexity
ReDoS
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL
CVE-2020-28168
5.9 - Medium
- November 06, 2020
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
XSPA
Axios up to and including 0.18.0
CVE-2019-10742
7.5 - High
- May 07, 2019
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
Improper Input Validation