Promise based HTTP client for the browser and node.js
84%
Total Score
100
89
89
56
100
| Title | Versions | Severity |
|---|---|---|
AIKIDO-2026-291630 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. axios is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 0.19.1 - 1.17.0. | 0.19.1 - 1.17.0 | High |
AIKIDO-2026-38469 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. axios is vulnerable to Server-Side Request Forgery (SSRF) in versions 0.19.1 - 1.17.0. | 0.19.1 - 1.17.0 | Medium |
CVE-2026-44496 axios is vulnerable to Uncontrolled Resource Consumption in versions 1.0.0 - 1.16.0 and 0.0.0 - 0.31.1. | 0.0.0 - 0.31.11.0.0 - 1.16.0 | High |
CVE-2026-44488 axios is vulnerable to Allocation of Resources Without Limits or Throttling in versions 1.7.0 - 1.16.0. | 1.7.0 - 1.16.0 | High |
CVE-2026-44487 axios is vulnerable to Insertion of Sensitive Information Into Sent Data in versions 1.0.0 - 1.16.0 and 0.0.0 - 0.31.1. | 0.0.0 - 0.31.11.0.0 - 1.16.0 | High |
| Dependency | Last Release | Score |
|---|---|---|
form-data Version ^4.0.5 | — | — |
proxy-from-env Version ^2.1.0 | — | — |
follow-redirects Version ^1.16.0 | — | — |
https-proxy-agent Version ^5.0.1 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant