axios
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-42264
>= 1.0.0 and < 1.15.2
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config proper
7.4
HIGH
CVE-2026-42044
>= 1.0.0 and < 1.15.1
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a
6.5
MEDIUM
CVE-2026-42043
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the ta
7.2
HIGH
CVE-2026-42042
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token prote
5.4
MEDIUM
CVE-2026-42041
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a
4.8
MEDIUM
CVE-2026-42040
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers
3.7
LOW
CVE-2026-42039
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested
7.5
HIGH
CVE-2026-42038
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the fix for no_proxy hostname normali
6.8
MEDIUM
CVE-2026-42037
>= 1.0.0 and < 1.15.1
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib
5.3
MEDIUM
CVE-2026-42036
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used,
5.3
MEDIUM
CVE-2026-42035
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists
7.4
HIGH
CVE-2026-42034
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLe
5.3
MEDIUM
CVE-2026-42033
< 0.31.1
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been pollu
7.4
HIGH
CVE-2026-40175
< 0.31.0
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific
4.8
MEDIUM
CVE-2025-62718
< 1.15.0
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle host
9.9
CRITICAL
CVE-2026-39865
>= 1.0.0 and < 1.13.2
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 ses
5.9
MEDIUM
CVE-2026-25639
< 1.13.5
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in
7.5
HIGH
CVE-2025-58754
< 0.30.2
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30
7.5
HIGH
CVE-2025-27152
< 0.30.0
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol
5.3
MEDIUM
CVE-2024-57965
< 1.7.8
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially
NONE
CVE-2024-39338
>= 1.3.2 and < 1.7.4
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
7.5
HIGH
CVE-2023-45857
all versions
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP
6.5
MEDIUM
CVE-2021-3749
<= 0.21.1
axios is vulnerable to Inefficient Regular Expression Complexity
7.5
HIGH
CVE-2020-28168
>= 0.19.0 and <= 0.21.0
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy b
5.9
MEDIUM
CVE-2019-10742
<= 0.18.0
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept cont
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin