Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via `setAttribute('href' href)` in `/axios/dist/axios.js` due to improper input sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `axios` to version 1.7.8 or higher.	<1.7.8
H Server-side Request Forgery (SSRF) axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. An attacker can manipulate the server to make unauthorized requests by exploiting this behavior. How to fix Server-side Request Forgery (SSRF)? Upgrade `axios` to version 1.7.4 or higher.	>=1.3.2 <1.7.4

Cross-site Scripting (XSS)

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via setAttribute('href' href) in /axios/dist/axios.js due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

Upgrade axios to version 1.7.8 or higher.

<1.7.8

Server-side Request Forgery (SSRF)

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. An attacker can manipulate the server to make unauthorized requests by exploiting this behavior.

How to fix Server-side Request Forgery (SSRF)?

Upgrade axios to version 1.7.4 or higher.

>=1.3.2 <1.7.4

Go back to all versions of this package