VYPR

npm package

axios

pkg:npm/axios

Malware

2 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (27)

  • CVE-2025-58754Sep 12, 2025
    affected >= 1.0.0, < 1.12.0fixed 1.12.0

    Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire

  • CVE-2025-27152Mar 7, 2025
    affected >= 1.0.0, < 1.8.2fixed 1.8.2

    axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leaka

  • CVE-2024-39338Aug 9, 2024
    affected >= 1.3.2, < 1.7.4fixed 1.7.4

    axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

  • CVE-2023-45857Nov 8, 2023
    affected >= 1.0.0, < 1.6.0fixed 1.6.0

    An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

  • CVE-2021-3749Aug 31, 2021
    affected < 0.21.2fixed 0.21.2

    axios is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2020-28168Nov 6, 2020
    affected < 0.21.1fixed 0.21.1

    Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

  • CVE-2019-10742May 7, 2019
    affected < 0.18.1fixed 0.18.1

    Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Page 2 of 2