NodeJS/axios/0.16.2
Promise based HTTP client for the browser and node.js
https://www.npmjs.com/package/axios
MIT
4 Security Vulnerabilities
Denial of Service in axios
- https://nvd.nist.gov/vuln/detail/CVE-2019-10742
- https://github.com/advisories/GHSA-42xw-2xvc-qx8m
- https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://github.com/axios/axios/issues/1098
- https://github.com/axios/axios/pull/1485
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://www.npmjs.com/advisories/880
- https://github.com/axios/axios/commit/acabfbdf00a58bb866c9d070e8a10d1d0dbeb572
Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.
Recommendation
Upgrade to 0.18.1 or later.
Axios vulnerable to Server-Side Request Forgery
- https://nvd.nist.gov/vuln/detail/CVE-2020-28168
- https://github.com/advisories/GHSA-4w2v-q235-vp99
- https://github.com/axios/axios/issues/3369
- https://github.com/axios/axios/commit/c7329fefc890050edd51e40e469a154d0117fc55
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://www.npmjs.com/package/axios
- https://www.npmjs.com/advisories/1594
- https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
axios Inefficient Regular Expression Complexity vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2021-3749
- https://github.com/advisories/GHSA-cph5-m8f7-6c5x
- https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
- https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31
- https://www.npmjs.com/package/axios
- https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E
- https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.
Axios Cross-Site Request Forgery Vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2023-45857
- https://github.com/axios/axios/issues/6006
- https://github.com/axios/axios/issues/6022
- https://github.com/axios/axios/pull/6028
- https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0
- https://github.com/axios/axios/releases/tag/v1.6.0
- https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
- https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
- https://github.com/axios/axios/pull/6091
- https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967
- https://github.com/axios/axios/releases/tag/v0.28.0
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
94 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.7.0-beta.0 | MIT | | 2024-04-28 - 19:50 | 7 days |
1.6.8 | MIT | | 2024-03-15 - 16:32 | about 2 months |
1.6.7 | MIT | | 2024-01-25 - 19:58 | 3 months |
1.6.6 | MIT | | 2024-01-24 - 23:12 | 3 months |
1.6.5 | MIT | | 2024-01-05 - 19:52 | 4 months |
1.6.4 | MIT | | 2024-01-03 - 22:10 | 4 months |
1.6.3 | MIT | | 2023-12-26 - 23:16 | 4 months |
1.6.2 | MIT | | 2023-11-14 - 20:36 | 6 months |
1.6.1 | MIT | | 2023-11-08 - 15:09 | 6 months |
1.6.0 | MIT | | 2023-10-26 - 21:15 | 6 months |
1.5.1 | MIT | 1 | 2023-09-26 - 18:22 | 7 months |
1.5.0 | MIT | 1 | 2023-08-26 - 19:10 | 8 months |
1.4.0 | MIT | 1 | 2023-04-27 - 23:05 | about 1 year |
1.3.6 | MIT | 1 | 2023-04-19 - 19:38 | about 1 year |
1.3.5 | MIT | 1 | 2023-04-05 - 18:03 | about 1 year |
1.3.4 | MIT | 1 | 2023-02-22 - 21:06 | about 1 year |
1.3.3 | MIT | 1 | 2023-02-13 - 18:47 | about 1 year |
1.3.2 | MIT | 1 | 2023-02-03 - 18:10 | over 1 year |
1.3.1 | MIT | 1 | 2023-02-01 - 23:31 | over 1 year |
1.3.0 | MIT | 1 | 2023-01-31 - 16:55 | over 1 year |
1.2.6 | MIT | 1 | 2023-01-28 - 16:41 | over 1 year |
1.2.5 | MIT | 1 | 2023-01-26 - 15:06 | over 1 year |
1.2.4 | MIT | 1 | 2023-01-24 - 17:21 | over 1 year |
1.2.3 | MIT | 1 | 2023-01-17 - 17:56 | over 1 year |
1.2.2 | MIT | 1 | 2022-12-29 - 06:38 | over 1 year |
1.2.1 | MIT | 1 | 2022-12-05 - 19:39 | over 1 year |
1.2.0 | MIT | 1 | 2022-11-22 - 19:06 | over 1 year |
1.2.0-alpha.1 | MIT | 1 | 2022-11-10 - 19:06 | over 1 year |
1.1.3 | MIT | 1 | 2022-10-15 - 13:42 | over 1 year |
1.1.2 | MIT | 1 | 2022-10-07 - 10:14 | over 1 year |
1.1.1 | MIT | 1 | 2022-10-07 - 09:15 | over 1 year |
1.1.0 | MIT | 1 | 2022-10-06 - 19:19 | over 1 year |
1.0.0 | MIT | 1 | 2022-10-04 - 19:24 | over 1 year |
1.0.0-alpha.1 | MIT | | 2022-05-31 - 19:23 | almost 2 years |
0.28.1 | MIT | | 2024-03-28 - 17:36 | about 1 month |
0.28.0 | MIT | | 2024-02-12 - 18:38 | 3 months |
0.27.2 | MIT | 1 | 2022-04-27 - 10:00 | about 2 years |
0.27.1 | MIT | 1 | 2022-04-26 - 07:36 | about 2 years |
0.27.0 | MIT | 1 | 2022-04-25 - 16:42 | about 2 years |
0.26.1 | MIT | 1 | 2022-03-09 - 17:13 | about 2 years |
0.26.0 | MIT | 1 | 2022-02-13 - 14:22 | about 2 years |
0.25.0 | MIT | 1 | 2022-01-18 - 07:14 | over 2 years |
0.24.0 | MIT | 1 | 2021-10-25 - 17:51 | over 2 years |
0.23.0 | MIT | 1 | 2021-10-12 - 15:37 | over 2 years |
0.22.0 | MIT | 1 | 2021-10-01 - 05:54 | over 2 years |
0.21.4 | MIT | 1 | 2021-09-06 - 15:35 | over 2 years |
0.21.3 | MIT | 1 | 2021-09-04 - 19:05 | over 2 years |
0.21.2 | MIT | 1 | 2021-09-04 - 10:18 | over 2 years |
0.21.1 | MIT | 2 | 2020-12-22 - 04:20 | over 3 years |
0.21.0 | MIT | 3 | 2020-10-23 - 16:27 | over 3 years |
0.20.0 | MIT | 3 | 2020-08-21 - 03:12 | over 3 years |
0.20.0-0 | MIT | 3 | 2020-07-15 - 16:07 | almost 4 years |
0.19.2 | MIT | 3 | 2020-01-22 - 04:25 | over 4 years |
0.19.1 | MIT | 3 | 2020-01-07 - 17:23 | over 4 years |
0.19.0 | MIT | 3 | 2019-05-30 - 16:13 | almost 5 years |
0.19.0-beta.1 | MIT | 3 | 2018-08-09 - 18:44 | over 5 years |
0.18.1 | MIT | 3 | 2019-06-01 - 00:46 | almost 5 years |
0.18.0 | MIT | 4 | 2018-02-19 - 23:28 | about 6 years |
0.17.1 | MIT | 4 | 2017-11-11 - 23:24 | over 6 years |
0.17.0 | MIT | 4 | 2017-10-21 - 18:01 | over 6 years |
0.16.2 | MIT | 4 | 2017-06-03 - 19:29 | almost 7 years |
0.16.1 | MIT | 4 | 2017-04-08 - 18:51 | about 7 years |
0.16.0 | MIT | 4 | 2017-04-01 - 02:31 | about 7 years |
0.15.3 | MIT | 4 | 2016-11-27 - 21:59 | over 7 years |
0.15.2 | MIT | 4 | 2016-10-18 - 01:33 | over 7 years |
0.15.1 | MIT | 4 | 2016-10-15 - 06:39 | over 7 years |
0.15.0 | MIT | 4 | 2016-10-11 - 04:40 | over 7 years |
0.14.0 | MIT | 4 | 2016-08-27 - 18:30 | over 7 years |
0.13.1 | MIT | 4 | 2016-07-16 - 17:13 | almost 8 years |
0.13.0 | MIT | 4 | 2016-07-13 - 19:42 | almost 8 years |
0.12.0 | MIT | 4 | 2016-06-01 - 05:22 | almost 8 years |
0.11.1 | MIT | 4 | 2016-05-17 - 15:59 | almost 8 years |
0.11.0 | MIT | 4 | 2016-04-27 - 04:19 | about 8 years |
0.10.0 | MIT | 4 | 2016-04-21 - 04:52 | about 8 years |
0.9.1 | MIT | 4 | 2016-01-24 - 22:19 | over 8 years |
0.9.0 | MIT | 4 | 2016-01-18 - 18:19 | over 8 years |
0.8.1 | MIT | 4 | 2015-12-15 - 03:44 | over 8 years |
0.8.0 | MIT | 3 | 2015-12-11 - 19:09 | over 8 years |
0.7.0 | MIT | 3 | 2015-09-29 - 06:36 | over 8 years |
0.6.0 | MIT | 3 | 2015-09-21 - 20:20 | over 8 years |
0.5.4 | MIT | 3 | 2015-04-08 - 18:49 | about 9 years |
0.5.3 | MIT | 3 | 2015-04-08 - 03:01 | about 9 years |
0.5.2 | MIT | 3 | 2015-03-13 - 23:14 | about 9 years |
0.5.1 | MIT | 3 | 2015-03-10 - 20:47 | about 9 years |
0.5.0 | MIT | 3 | 2015-01-23 - 10:15 | over 9 years |
0.4.2 | MIT | 3 | 2014-12-11 - 07:14 | over 9 years |
0.4.1 | MIT | 3 | 2014-10-15 - 18:19 | over 9 years |
0.4.0 | MIT | 3 | 2014-10-05 - 23:55 | over 9 years |
0.3.1 | MIT | 3 | 2014-09-17 - 00:31 | over 9 years |
0.3.0 | MIT | 3 | 2014-09-16 - 18:20 | over 9 years |
0.2.2 | MIT | 3 | 2014-09-15 - 03:30 | over 9 years |
0.2.1 | MIT | 3 | 2014-09-12 - 22:57 | over 9 years |
0.2.0 | MIT | 3 | 2014-09-12 - 20:06 | over 9 years |
0.1.0 | MIT | 3 | 2014-08-29 - 23:08 | over 9 years |