OsVault/npm/axios
npm1 critical

axios

42 known vulnerabilities · 1 critical · 3 high

CVE-2024-39338HIGH

Server-Side Request Forgery in axios

Published Aug 12, 2024
CVE-2023-45857MEDIUM

Axios Cross-Site Request Forgery Vulnerability

Published Nov 8, 2023
MAL-2026-2307

Malicious code in axios (npm)

Published Mar 31, 2026
CVE-2025-54371

Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data

Published Jul 23, 2025
CVE-2025-58754

Axios is vulnerable to DoS attack through lack of data size check

Published Sep 11, 2025
CVE-2020-28168MEDIUM

Axios vulnerable to Server-Side Request Forgery

Published Jan 4, 2021
CVE-2025-27152

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

Published Mar 7, 2025
CVE-2021-3749HIGH

axios Inefficient Regular Expression Complexity vulnerability

Published Sep 1, 2021
GHSA-fvcv-3m26-pcqx

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Published Apr 10, 2026
GHSA-qj83-cq47-w5f8

Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Published Apr 8, 2026
CVE-2026-25639

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Published Feb 9, 2026
CVE-2019-10742HIGH

Denial of Service in axios

Published May 29, 2019
GHSA-3p68-rc4w-qgx5

Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF

Published Apr 9, 2026
GHSA-qqvm-66q4-vf5c

Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Published Apr 16, 2026
MAL-2025-191389

Malicious code in axios-cancelable (npm)

Published Nov 25, 2025
MAL-2025-5149

Malicious code in adsk_react_axios (npm)

Published Jun 18, 2025
CVE-2025-70058

yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent

Published Feb 23, 2026
MAL-2024-10692

Malicious code in axios-mockadptr (npm)

Published Nov 14, 2024
MAL-2024-10691

Malicious code in axios-cookiesupport (npm)

Published Nov 14, 2024
MAL-2023-116

Malicious code in axios-proxy (npm)

Published Mar 6, 2023
MAL-2025-47877

Malicious code in ancestry-axios (npm)

Published Oct 2, 2025
MAL-2026-2683

Malicious code in @athena-ui-components/axios (npm)

Published Apr 15, 2026
MAL-2023-20

Malicious code in @12build/account-api-ts-axios-sdk (npm)

Published Apr 3, 2023
MAL-2025-190832

Malicious code in axios-builder (npm)

Published Nov 24, 2025
GHSA-3hfp-gqgh-xc5g

Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions

Published Apr 2, 2026
MAL-2022-6829

Malicious code in usaa-axios-factory (npm)

Published Jun 20, 2022
CVE-2025-69202

axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Published Dec 30, 2025
MAL-2025-6153

Malicious code in axios-hehe (npm)

Published Jul 22, 2025
MAL-2024-10693

Malicious code in axios-older (npm)

Published Nov 14, 2024
MAL-2025-191068

Malicious code in axios-timed (npm)

Published Nov 24, 2025
MAL-2023-21

Malicious code in @12build/product-api-ts-axios-sdk (npm)

Published Apr 3, 2023
MAL-2022-6651

Malicious code in trin-axios (npm)

Published Oct 17, 2022
MAL-2025-5489

Malicious code in axios-browseragent (npm)

Published Jul 1, 2025
MAL-2022-1210

Malicious code in axios-replace (npm)

Published Jun 20, 2022
MAL-2024-109

Malicious code in sync-axios (npm)

Published Jan 15, 2024
CVE-2026-34841CRITICAL
Risk: 67.64/100

Axios npm Supply Chain Incident Impacting @usebruno/cli

Published Apr 2, 2026
MAL-2025-4061

Malicious code in axios-fingerprint (npm)

Published May 21, 2025
MAL-2025-367

Malicious code in webpathaxios (npm)

Published Jan 23, 2025
MAL-2025-7948

Malicious code in @frozen-team-qa/axios-client (npm)

Published Aug 14, 2025
MAL-2025-4813

Malicious code in axios-browserify (npm)

Published Jun 10, 2025
MAL-2025-47529

Malicious code in @sev-ui-verse/axios-client (npm)

Published Sep 25, 2025
MAL-2025-4275

Malicious code in axios.js (npm)

Published May 22, 2025
Check your entire dependency tree at onceRun dependency scan →