npm package
axios
pkg:npm/axios
Malware
1 malicious version on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2026-2307Malicious code in axios (npm)Mar 31, 2026
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3749 | — | < 0.21.2 | 0.21.2 | Aug 31, 2021 | axios is vulnerable to Inefficient Regular Expression Complexity | ||
| CVE-2020-28168 | — | < 0.21.1 | 0.21.1 | Nov 6, 2020 | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. | ||
| CVE-2019-10742 | — | < 0.18.1 | 0.18.1 | May 7, 2019 | Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. |
- CVE-2021-3749Aug 31, 2021affected < 0.21.2fixed 0.21.2
axios is vulnerable to Inefficient Regular Expression Complexity
- CVE-2020-28168Nov 6, 2020affected < 0.21.1fixed 0.21.1
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
- CVE-2019-10742May 7, 2019affected < 0.18.1fixed 0.18.1
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
Page 2 of 2