VulnerableCode Package Details - pkg:npm/axios@0.28.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-9kzj-nmnp-nbe3 Aliases: CVE-2025-27152 GHSA-jr5f-v2jv-69x6	axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests	0.30.0 Affected by 0 other vulnerabilities. 1.0.0-alpha.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.8.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9kzj-nmnp-nbe3
Aliases:
CVE-2025-27152
GHSA-jr5f-v2jv-69x6

axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

0.30.0
Affected by 0 other vulnerabilities.

1.0.0-alpha.1
Affected by 1 other vulnerability.

1.8.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hfp7-rkga-aaak	An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.	CVE-2023-45857 GHSA-wf5p-g6vw-rhxx

Vulnerability

Summary

Aliases

VCID-hfp7-rkga-aaak

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2023-45857
GHSA-wf5p-g6vw-rhxx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:17:34.431748+00:00	GitLab Importer	Affected by	VCID-9kzj-nmnp-nbe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/axios/CVE-2025-27152.yml	36.1.3
2025-06-03T23:52:42.034139+00:00	GitLab Importer	Affected by	VCID-9kzj-nmnp-nbe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/axios/CVE-2025-27152.yml	36.1.0
2025-06-02T23:51:31.714037+00:00	GitLab Importer	Affected by	VCID-9kzj-nmnp-nbe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/axios/CVE-2025-27152.yml	36.1.2
2025-04-09T00:22:55.405084+00:00	GitLab Importer	Affected by	VCID-9kzj-nmnp-nbe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/axios/CVE-2025-27152.yml	36.0.0
2024-11-19T15:50:03.866390+00:00	GitLab Importer	Fixing	VCID-hfp7-rkga-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/axios/CVE-2023-45857.yml	34.3.2
2024-10-15T19:17:34.749905+00:00	GithubOSV Importer	Fixing	VCID-hfp7-rkga-aaak	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-wf5p-g6vw-rhxx/GHSA-wf5p-g6vw-rhxx.json	34.0.2
2024-09-18T09:21:45.761743+00:00	GithubOSV Importer	Fixing	VCID-hfp7-rkga-aaak	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-wf5p-g6vw-rhxx/GHSA-wf5p-g6vw-rhxx.json	34.0.1
2024-09-17T22:18:18.576264+00:00	GHSA Importer	Fixing	VCID-hfp7-rkga-aaak	https://github.com/advisories/GHSA-wf5p-g6vw-rhxx	34.0.1
2024-04-23T23:13:51.812799+00:00	GithubOSV Importer	Fixing	VCID-hfp7-rkga-aaak	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-wf5p-g6vw-rhxx/GHSA-wf5p-g6vw-rhxx.json	34.0.0rc4
2024-04-23T17:41:43.185796+00:00	GHSA Importer	Fixing	VCID-hfp7-rkga-aaak	https://github.com/advisories/GHSA-wf5p-g6vw-rhxx	34.0.0rc4