org.webjars.npm:axios

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:axios package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Prototype Pollution	[1.0.0,1.15.2)
M Server-side Request Forgery (SSRF)	[,1.15.1)
M Incomplete List of Disallowed Inputs	[1.15.0,1.15.1)
M Improper Encoding or Escaping of Output	[,1.15.1)
C HTTP Response Splitting	[,1.15.1)
M Allocation of Resources Without Limits or Throttling	[,1.15.1)
M Allocation of Resources Without Limits or Throttling	[,1.15.1)
M Insertion of Sensitive Information Into Sent Data	[,1.15.1)
M CRLF Injection	[1.3.0,1.15.1)
C Prototype Pollution	[,1.15.1)
H Improperly Controlled Modification of Dynamically-Determined Object Attributes	[1.0.0,1.15.2)
H Uncontrolled Recursion	[,1.15.1)
M Prototype Pollution	[,1.15.1)
H HTTP Response Splitting	[,1.15.0)
M Unintended Proxy or Intermediary ('Confused Deputy')	[,1.15.0)
H Allocation of Resources Without Limits or Throttling	[1.13.0,1.14.0)
H Prototype Pollution	[,1.13.5)
M Allocation of Resources Without Limits or Throttling	[,0.30.2)[1.1.2,1.12.2)
M Server-side Request Forgery (SSRF)	[,1.8.3)
M Server-side Request Forgery (SSRF)	[,1.8.3)
H Server-side Request Forgery (SSRF)	[,1.7.4)
H Prototype Pollution	[,1.6.5)
M Regular Expression Denial of Service (ReDoS)	[,1.6.5)
H Cross-site Request Forgery (CSRF)	[1.0.0,1.6.0)[0.8.1,0.28.0)
H Regular Expression Denial of Service (ReDoS)	[,0.21.4)
M Server-Side Request Forgery (SSRF)	[0,0.21.1)
M Denial of Service (DoS)	[,0.19.0)

Vulnerability

Vulnerable Version

Prototype Pollution

[1.0.0,1.15.2)

Server-side Request Forgery (SSRF)

[,1.15.1)

Incomplete List of Disallowed Inputs

[1.15.0,1.15.1)

Improper Encoding or Escaping of Output

[,1.15.1)

HTTP Response Splitting

[,1.15.1)

Allocation of Resources Without Limits or Throttling

[,1.15.1)

Allocation of Resources Without Limits or Throttling

[,1.15.1)

Insertion of Sensitive Information Into Sent Data

[,1.15.1)

CRLF Injection

[1.3.0,1.15.1)

Prototype Pollution

[,1.15.1)

Improperly Controlled Modification of Dynamically-Determined Object Attributes

[1.0.0,1.15.2)

Uncontrolled Recursion

[,1.15.1)

Prototype Pollution

[,1.15.1)

HTTP Response Splitting

[,1.15.0)

Unintended Proxy or Intermediary ('Confused Deputy')

[,1.15.0)

Allocation of Resources Without Limits or Throttling

[1.13.0,1.14.0)

Prototype Pollution

[,1.13.5)

Allocation of Resources Without Limits or Throttling

[,0.30.2)[1.1.2,1.12.2)

Server-side Request Forgery (SSRF)

[,1.8.3)

Server-side Request Forgery (SSRF)

[,1.8.3)

Server-side Request Forgery (SSRF)

[,1.7.4)

Prototype Pollution

[,1.6.5)

Regular Expression Denial of Service (ReDoS)

[,1.6.5)

Cross-site Request Forgery (CSRF)

[1.0.0,1.6.0)[0.8.1,0.28.0)

Regular Expression Denial of Service (ReDoS)

[,0.21.4)

Server-Side Request Forgery (SSRF)

[0,0.21.1)

Denial of Service (DoS)

[,0.19.0)

Package versions

68 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
1.16.1	15 May, 2026	0 C 0 H 0 M 0 L
1.16.0	13 May, 2026	0 C 0 H 0 M 0 L
1.15.2	22 Apr, 2026	0 C 0 H 0 M 0 L
1.15.1	21 Apr, 2026	1 C 1 H 0 M 0 L
1.15.0	13 Apr, 2026	3 C 2 H 8 M 0 L
1.14.0	31 Mar, 2026	3 C 3 H 8 M 0 L
1.13.6	15 Mar, 2026	3 C 4 H 8 M 0 L
1.13.5	9 Feb, 2026	3 C 4 H 8 M 0 L
1.13.4	6 Feb, 2026	3 C 5 H 8 M 0 L
1.13.3	26 Jan, 2026	3 C 5 H 8 M 0 L