Axios
By the Year
In 2025 there have been 0 vulnerabilities in Axios. Last year, in 2024, Axios had 1 security vulnerability published. Right now, Axios is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 7.50 |
2023 | 1 | 6.50 |
2022 | 0 | 0.00 |
2021 | 1 | 7.50 |
2020 | 1 | 5.90 |
2019 | 1 | 7.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Axios vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Axios Security Vulnerabilities
axios 1.7.2 allows SSRF
CVE-2024-39338
7.5 - High
- August 12, 2024
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
SSRF
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host
CVE-2023-45857
6.5 - Medium
- November 08, 2023
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
Session Riding
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3749
7.5 - High
- August 31, 2021
axios is vulnerable to Inefficient Regular Expression Complexity
ReDoS
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL
CVE-2020-28168
5.9 - Medium
- November 06, 2020
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
SSRF
Axios up to and including 0.18.0
CVE-2019-10742
7.5 - High
- May 07, 2019
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
Improper Input Validation