Browse all 22 CVE security advisories affecting axios. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Axios is a widely adopted HTTP client for JavaScript environments, primarily utilized in browser and Node.js applications to simplify asynchronous data fetching. Despite its popularity, the library has faced 21 recorded Common Vulnerabilities and Exposures (CVEs), predominantly stemming from improper input validation and prototype pollution issues. These flaws often enable remote code execution or cross-site scripting attacks when user-controlled data is passed directly into configuration objects without sanitization. Notably, several vulnerabilities allowed attackers to bypass security controls by manipulating internal headers or request parameters. While Axios itself does not store data, its widespread integration into frontend frameworks makes it a frequent target for supply chain attacks. Developers must ensure strict input validation and keep dependencies updated to mitigate risks associated with these historical security gaps, particularly in applications handling sensitive user information.
- GHSA-q8qp-cvcw-x6jg (2026-05-08)
- CVE-2025-62718 (2026-04-25)
- CVE-2026-4242 (2026-04-25)
- CVE-2024-20534 (2026-04-25)
- CVE-2026-42039 (2026-04-25)
- CVE-2026-42538 (2026-04-25)
- CVE-2024-2035 (2026-04-25)

Showing up to 20 recent security advisories.
This page lists every published CVE security advisory associated with axios. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.