axios
axios has 6 known security vulnerabilities in npm (Node.js). Upgrade to version 1.13.5 or later to resolve all known issues. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.
Recommended safe version: 1.13.5
Upgrading to 1.13.5 or later resolves all 6 known vulnerabilities in axios. Run: npm install axios@1.13.5
Is axios in your project?
Check if you're affected and upgrade to 1.13.5 to stay secure.
Vulnerabilities
6 unique vulnerabilities — sorted by severity. Click a CVE/GHSA ID for full details.
| CVE / GHSA | Severity | Affected | Fixed In |
|---|---|---|---|
| GHSA-43fc-jf86-j433 Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig | HIGH | All versions | 1.13.5, 0.30.3 |
| GHSA-4hjh-wcwx-xvwj Axios is vulnerable to DoS attack through lack of data size check | HIGH | All versions | 1.12.0, 0.30.2 |
| GHSA-8hc4-vh64-cxmj Server-Side Request Forgery in axios | HIGH | All versions | 1.7.4 |
| GHSA-jr5f-v2jv-69x6 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | HIGH | All versions | 1.8.2, 0.30.0 |
| GHSA-cph5-m8f7-6c5x axios Inefficient Regular Expression Complexity vulnerability | HIGH | All versions | 0.21.2 |
| GHSA-wf5p-g6vw-rhxx Axios Cross-Site Request Forgery Vulnerability | MODERATE | All versions | 1.6.0, 0.28.0 |
About This Data
Vulnerability data for axios is sourced from the Open Source Vulnerability (OSV) database, aggregating reports from GitHub Advisory Database, NIST NVD, and ecosystem-specific sources.
CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact. EPSS (Exploit Prediction Scoring System) scores indicate the probability of exploitation within the next 30 days. Vulnerabilities marked with are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Check Your Dependencies
Scan your project to check if you're using a vulnerable version of axios.