Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
7.5CVSS
7.2AI Score
0.003EPSS
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
5.9CVSS
5.8AI Score
0.003EPSS
7.5CVSS
7.3AI Score
0.019EPSS
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
6.5CVSS
6.1AI Score
0.001EPSS
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
7.5CVSS
7.2AI Score
0.001EPSS