axios — CVE history (npm)
axios
34 CVEs affect the axios npm package (highest CVSS 9.9). Latest disclosed: 2026-06-11. Full CVE history sourced from NVD.
Summary
- Package
axios(npm)- Total CVEs
34- Actively exploited (CISA KEV)
- 0
- Highest CVSS
9.9- Latest disclosed
- 2026-06-11
Recent CVEs (top 20)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-44496 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44495 | High | 7.0 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44494 | High | 8.7 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44492 | High | 8.6 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44490 | Medium | 4.8 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44489 | Low | 3.7 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44488 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44487 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44486 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42264 | High | 7.4 | — | 2026-05-08 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42044 | Medium | 6.5 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42043 | High | 7.2 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42042 | Medium | 5.4 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42041 | Medium | 4.8 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42040 | Low | 3.7 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42039 | High | 7.5 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42038 | Medium | 6.8 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42037 | Medium | 5.3 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42036 | Medium | 5.3 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42035 | High | 7.4 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
All-time worst (top 10 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-62718 | Critical | 9.9 | — | 2026-04-09 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44494 | High | 8.7 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44492 | High | 8.6 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44496 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44488 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44487 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-44486 | High | 7.5 | — | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-42039 | High | 7.5 | — | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2026-25639 | High | 7.5 | — | 2026-02-09 | Axios is a promise based HTTP client for the browser and Node.js. |
CVE-2025-58754 | High | 7.5 | — | 2025-09-12 | Axios is a promise based HTTP client for the browser and Node.js. |