Vulnerability Intelligence

Public vulnerability intelligence, dependency exposure and research context for npm packages.


axios

Promise-based HTTP client for browser and Node.js security research

Current tracked 1.18.0
Fixed 1.18.0+
Affected <1.8.2; 1.13.0-1.13.1; <1.15.0; 1.15.0; <1.16.0; malicious: 1.14.1, 0.30.4

Axios is a widely used promise-based HTTP client for browsers and Node.js. It is commonly placed on authentication, API integration, redirect, proxy and service-to-service boundaries. Its current security relevance includes SSRF and credential leakage via URL resolution behavior, proxy and NO_PROXY bypasses, HTTP/2 denial-of-service conditions, header handling risks, and a confirmed 2026 npm supply-chain compromise involving malicious axios versions. Production usage should prefer axios 1.18.0 or later and explicitly block malicious versions 1.14.1 and 0.30.4.

Category HTTP Client
Ecosystem npm / JavaScript
Common usage API clients, frontend requests, backend integrations, authentication flows, redirects, headers, JSON payloads and HTTP automation.
Risk model High-risk dependency when used with SSRF-sensitive flows, proxy rules, redirects, custom headers, credentials or untrusted URL construction.
Why it is widely used
Simple and consistent API compared to native HTTP implementations.
Works across browsers and Node.js with a unified programming model.
Provides built-in handling for JSON payloads, headers, redirects and timeouts.
Supports interceptors for authentication, logging, observability and request manipulation.
Frequently embedded in SDKs, cloud integrations, payment platforms and third-party connectors.
Commonly used in service-to-service architectures and distributed systems.
Acts as a trust-boundary component between user-controlled input and external services.
Frequently appears in SSRF-sensitive request flows and proxy-controlled environments.
Risk score 92
Known issues 17
Exploit maturity Public advisories, confirmed supply-chain compromise, reproducible PoCs and active operational relev
Vulnerability burndown (chart: Mar 2025 to May 2026; series: Critical, High, Medium)
MTTR critical severity: 7 days
Library risk age: 277 days (92% lower than last month)
Total vulnerabilities: 17 (Critical 2, High 7, Medium 8, Low 0)
Severity | Vulnerability name | Library | Surface | Status | Published date | SLA / Action | Tags
Critical | Cross-site Request Forgery | axios@0.22.0 | HTTP client | New | May 28, 2025 | 7 days | CSRF
Critical | Malicious npm Package Versions Delivered Cross-Platform RAT | axios@1.14.1; axios@0.30.4 | Supply chain / npm package publication | Remediated | 2026-03-31 | Remove malicious versions; rotate credentials; rebuild from clean environment | Supply Chain
High | Regular Expression Denial of Service | axios@0.22.0 | Regex | New | May 16, 2025 | 20 days | ReDoS
High | Prototype Pollution (mergeConfig) | axios <0.31.1 | Config handling | New | Jun 2025 | 30 days | Prototype Pollution
High | NO_PROXY Bypass via IPv4-Mapped IPv6 Addresses | axios >=1.0.0 <1.16.0; axios <=0.31.1 | Proxy / NO_PROXY handling | Published | 2026-05-29 | Upgrade to 1.16.0 or 0.32.0 | SSRF
High | Incomplete Fix for NO_PROXY Bypass via 127.0.0.0/8 Loopback Subnet | axios 1.15.0 | Proxy / NO_PROXY handling | Published | 2026-05-05 | Upgrade beyond 1.15.0 | SSRF
High | Uncontrolled Recursion (toFormData) (Validated PoC) | axios <0.31.1 | Serializer / multipart form-data conversion | Published | 2025-06-01 | Upgrade to 0.31.1 | DoS
High | HTTP Response Splitting via Headers (Validated PoC) | axios <0.31.0 | Headers / CRLF propagation | Published | 2025-06-01 | Upgrade to 0.31.0 | Header Injection
High | SSRF and Credential Leakage via Absolute URL Override | axios <1.8.2 | Request URL resolution | Published | 2025-03-06 | Upgrade to 1.8.2 | SSRF
Medium | NO_PROXY Hostname Normalization Bypass Leading to SSRF | axios <1.15.0; axios <0.31.0 | Proxy / NO_PROXY handling | Published | 2026-04-09 | Upgrade to 1.15.0 or 0.31.0 | SSRF
Medium | Cloud Metadata Exfiltration via Header Injection Chain | axios >=1.0.0 <1.15.0; axios <0.31.0 | Headers / proxy / metadata service | Published | 2026-04-09 | Upgrade to 1.15.0 or 0.31.0 | Header Injection
Medium | HTTP/2 Session Cleanup Denial of Service | axios >=1.13.0 <1.13.2 | HTTP/2 adapter | Published | 2026-04-08 | Upgrade to 1.13.2 | DoS
Medium | XSRF Token Leakage via Config Manipulation (Validated PoC) | axios <0.31.1 | HTTP headers / XSRF token propagation | Published | 2025-06-01 | Upgrade to 0.31.1 | Data Leak
Medium | Bypass of maxContentLength (large response) (Validated PoC) | axios <0.31.1 | HTTP adapter / stream response handling | Published | 2025-06-01 | Upgrade to 0.31.1 | DoS
Medium | Bypass of maxBodyLength (upload) (Validated PoC) | axios <0.31.1 | HTTP adapter / streamed upload handling | Published | 2025-06-01 | Upgrade to 0.31.1 | DoS
Medium | Improper Encoding (NUL byte injection) (Validated PoC) | axios <0.31.1 | URL params / AxiosURLSearchParams serialization | Published | 2025-06-01 | Upgrade to 0.31.1 | Encoding
Medium | Server-side Request Forgery (SSRF) (Validated PoC) | axios <0.30.0 | Request handling / user-controlled URL fetching | Published | 2025-05-01 | Upgrade to 0.30.0 | SSRF
FikreSekhel Research

Research Notes

Behavioral findings, exploitability observations and operational dependency intelligence produced by FikreSekhel for this library.

RN-AXIOS-SC-2026-001

Axios npm Supply Chain Compromise: Phantom Dependency RAT Delivery

A compromised npm maintainer account published malicious Axios versions that introduced a hidden transitive dependency delivering a cross-platform Remote Access Trojan through install-time execution.

Validated · Critical · Confirmed
In March 2026, the Axios npm package was affected by a high-impact supply-chain compromise. Malicious versions axios@1.14.1 and axios@0.30.4 introduced plain-crypto-js@4.2.1 as an unexpected dependency. The malicious dependency abused npm install-time execution through a postinstall hook to deliver a cross-platform Remote Access Trojan targeting developer workstations, CI runners, build containers and environments where dependency installation had access to secrets, source code, SSH keys, npm tokens, cloud credentials or deployment material.
Surface npm package publication / dependency installation / CI-CD build plane
Primitive Phantom dependency injection via package manifest and postinstall execution
Tested versions Registry and lockfile intelligence analysis; no exploit execution required
Observed behavior

The compromised Axios releases introduced a malicious dependency chain: application -> axios@1.14.1 or axios@0.30.4 -> plain-crypto-js@4.2.1 -> postinstall execution -> platform-specific RAT delivery. The attack targeted multiple operating systems and was designed around install-time compromise rather than runtime HTTP client behavior. Affected environments are those that resolved and installed the malicious versions during the exposure window, including local developer machines, ephemeral CI workers, Docker build stages, package cache mirrors and artifact registries that retained the poisoned tarballs.

Security implication

The operational impact is broader than a normal library CVE. Any environment that installed the poisoned versions must be treated as potentially compromised, because execution occurred during dependency installation, before application runtime controls, SSRF protections, WAF rules or code-level mitigations would apply. The most critical blast radius includes npm tokens, Git credentials, SSH keys, cloud provider secrets, CI secrets, deployment keys, package registry credentials, source code access and production release integrity. This class of incident should be modeled as build-plane compromise, not only dependency vulnerability exposure.

Mitigation

Remove axios@1.14.1 and axios@0.30.4 from all dependency manifests, lockfiles, caches and artifact mirrors. Block plain-crypto-js@4.2.1. Rebuild affected artifacts from clean environments. Rotate npm tokens, Git credentials, SSH keys, cloud credentials, CI/CD secrets and deployment tokens exposed to any system that installed the malicious versions. Review CI job logs, npm install logs, endpoint telemetry, EDR alerts, process execution, outbound network activity and package cache contents. Enforce lockfile review, package provenance validation, npm script restrictions where feasible, ephemeral CI isolation and allowlisted dependency policy for critical build pipelines.

Observed before mitigation
{
  "dependency": "axios",
  "versions": ["1.14.1", "0.30.4"],
  "unexpected_transitive_dependency": "plain-crypto-js@4.2.1",
  "execution_vector": "npm postinstall",
  "affected_plane": "developer and CI/CD build environments",
  "source_repository_state": "may appear clean while registry artifact is malicious"
}
Observed after mitigation
{
  "blocked_versions": ["axios@1.14.1", "axios@0.30.4", "plain-crypto-js@4.2.1"],
  "recommended_baseline": "axios>=1.18.0",
  "required_response": [
    "remove poisoned versions",
    "purge caches and mirrors",
    "rebuild artifacts",
    "rotate exposed credentials",
    "review install-time telemetry"
  ]
}
Mitigation code
{
  "package_policy": {
    "deny": [
      "axios@1.14.1",
      "axios@0.30.4",
      "plain-crypto-js@4.2.1"
    ],
    "require_lockfile_review": true,
    "prefer_safe_baseline": "axios>=1.18.0",
    "ci_controls": [
      "run npm ci in isolated ephemeral workers",
      "restrict install scripts for untrusted dependency updates",
      "monitor package manifest deltas",
      "alert on newly introduced transitive dependencies"
    ]
  }
}
FRES detection heuristic
IF dependency.name == "axios" AND dependency.version IN ["1.14.1", "0.30.4"] THEN critical_supply_chain_exposure = true;
IF lockfile.contains("plain-crypto-js@4.2.1") THEN critical_supply_chain_exposure = true;
IF dependency_delta.added_transitive_dependency == "plain-crypto-js" AND parent == "axios" THEN phantom_dependency_alert = true;
IF install_script_detected == true AND dependency_trust == "new_or_unexpected" THEN build_plane_execution_risk += 40;
IF ci_environment == true AND secrets_available == true THEN blast_radius = "credential_and_release_pipeline_compromise";
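The deny-list check from the mitigation section and the phantom-dependency rule from the heuristic above, implemented as a lockfile audit in JavaScript. This is an added example, not code from the original page or from the axios project; it assumes the npm lockfileVersion 2/3 layout (a "packages" map keyed by node_modules path, with hasInstallScript set by npm on entries that declare install scripts) and runs over two constructed sample lockfiles.

```javascript
// Added example (not from the page or the axios project): lockfile audit encoding the
// deny list and phantom-dependency heuristic from the research note above. Assumes npm
// lockfileVersion 2/3: a "packages" map keyed by node_modules path, where npm sets
// hasInstallScript on entries whose package.json declares install scripts.
const DENY = new Set(["axios@1.14.1", "axios@0.30.4", "plain-crypto-js@4.2.1"]);

// Flatten "packages" into Map("name@version" -> { name, deps, hasInstallScript }).
function indexPackages(lock) {
  const index = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    index.set(`${name}@${meta.version}`, {
      name, deps: Object.keys(meta.dependencies || {}), hasInstallScript: !!meta.hasInstallScript,
    });
  }
  return index;
}

// Compare previous and current lockfiles; return findings in lockfile order.
function auditLockfile(previousLock, currentLock) {
  const before = indexPackages(previousLock), after = indexPackages(currentLock);
  const findings = [];
  for (const [key, meta] of after) {
    if (DENY.has(key)) findings.push({ severity: "critical", key, reason: "denied version" });
    if (!before.has(key) && meta.hasInstallScript) findings.push({ severity: "high", key, reason: "new dependency declares install script" });
    // Phantom dependency: a package already present before now pulls in a child that
    // none of its previous versions declared (the axios -> plain-crypto-js pattern).
    const prevVersions = [...before.values()].filter((m) => m.name === meta.name);
    const prevDeps = new Set(prevVersions.flatMap((m) => m.deps));
    for (const dep of meta.deps) {
      if (prevVersions.length && !prevDeps.has(dep)) {
        findings.push({ severity: "high", key, reason: `new transitive dependency ${dep}` });
      }
    }
  }
  return findings;
}

// Constructed sample lockfiles (not real registry data) showing a poisoned upgrade.
const previousLock = { lockfileVersion: 3, packages: {
  "": { name: "app", dependencies: { axios: "^1.13.2" } },
  "node_modules/axios": { version: "1.13.2", dependencies: { "follow-redirects": "^1.15.6" } },
  "node_modules/follow-redirects": { version: "1.15.6" } } };
const currentLock = { lockfileVersion: 3, packages: {
  "": { name: "app", dependencies: { axios: "^1.14.1" } },
  "node_modules/axios": { version: "1.14.1",
    dependencies: { "follow-redirects": "^1.15.6", "plain-crypto-js": "4.2.1" } },
  "node_modules/follow-redirects": { version: "1.15.6" },
  "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true } } };
console.log(auditLockfile(previousLock, currentLock));
```

Against the constructed lockfiles the audit reports both denied versions as critical and raises two high findings: the new install-script dependency and the transitive child that axios did not declare before the upgrade.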