[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-45857":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":46,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":56,"related":57,"reserved_at":9,"published_at":64,"modified_at":65,"state":66,"summary":67,"references_raw":75,"kevs":135,"epss":136,"epss_history":139,"metrics":412,"affected":420},"CVE-2023-45857","An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-352","Cross-Site Request Forgery (CSRF)","The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.","weakness","Stable","Compound","Medium",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":25,"name":26,"techniques":27},"CAPEC-462","Cross-Domain Search Timing",[],{"id":29,"name":30,"techniques":31},"CAPEC-467","Cross Site Identification",[],{"id":33,"name":34,"techniques":35},"CAPEC-62","Cross Site Request Forgery",[],[37],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_AXIOS_AXIOS","Axios","github","https://github.com/axios/axios/issues/1098","poc",0.3,false,[],[47],"GHSA-wf5p-g6vw-rhxx",[],[50,52,54],{"_key":51},"DEBIAN-CVE-2023-45857",{"_key":53},"UBUNTU-CVE-2023-45857",{"_key":55},"RHSA-2024:1640",[],[58,60,62],{"_key":59},"CGA-353M-V97C-F639",{"_key":61},"CGA-VGWV-2Q7Q-27H5",{"_key":63},"CGA-CW62-762J-87CH","2023-11-08T00:00:00.000Z","2024-09-04T15:15:16.506Z","Modified",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":68,"epss_score":69,"severity":70,"severity_score":71,"severity_version":72,"severity_source":73,"severity_vector":74,"severity_status":66},"low",0.00179,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",[76,85,89,94,98,102,106,110,114,119,123,127,131],{"url":77,"sources":78,"tags":81},"https://github.com/axios/axios/issues/6006",[79,73,80],"cve.org","osv_npm",[82,83,84],"Exploit","Issue Tracking","WEB",{"url":86,"sources":87,"tags":88},"https://security.netapp.com/advisory/ntap-20240621-0006/",[79,73],[],{"url":90,"sources":91,"tags":92},"https://nvd.nist.gov/vuln/detail/CVE-2023-45857",[80],[93],"Advisory",{"url":95,"sources":96,"tags":97},"https://github.com/axios/axios/issues/6022",[80],[84],{"url":99,"sources":100,"tags":101},"https://github.com/axios/axios/pull/6028",[80],[84],{"url":103,"sources":104,"tags":105},"https://github.com/axios/axios/pull/6091",[80],[84],{"url":107,"sources":108,"tags":109},"https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967",[80],[84],{"url":111,"sources":112,"tags":113},"https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",[80],[84],{"url":115,"sources":116,"tags":117},"https://github.com/axios/axios",[80],[118],"PACKAGE",{"url":120,"sources":121,"tags":122},"https://github.com/axios/axios/releases/tag/v0.28.0",[80],[84],{"url":124,"sources":125,"tags":126},"https://github.com/axios/axios/releases/tag/v1.6.0",[80],[84],{"url":128,"sources":129,"tags":130},"https://security.netapp.com/advisory/ntap-20240621-0006",[80],[84],{"url":132,"sources":133,"tags":134},"https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459",[80],[84],[],{"date":137,"score":69,"percentile":138},"2026-06-04",0.39172,[140,144,147,150,153,156,159,162,165,168,171,173,176,179,182,186,189,192,195,198,201,204,207,211,214,217,220,223,227,230,233,236,239,242,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,305,308,311,314,317,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,377,380,383,385,388,391,394,397,400,403,406,409],{"date":141,"score":142,"percentile":143},"2025-11-04",0.00106,0.29314,{"date":145,"score":142,"percentile":146},"2025-11-05",0.29282,{"date":148,"score":142,"percentile":149},"2025-11-06",0.29303,{"date":151,"score":142,"percentile":152},"2025-11-07",0.29294,{"date":154,"score":142,"percentile":155},"2025-11-08",0.29299,{"date":157,"score":142,"percentile":158},"2025-11-09",0.29275,{"date":160,"score":142,"percentile":161},"2025-11-10",0.29256,{"date":163,"score":142,"percentile":164},"2025-11-11",0.29278,{"date":166,"score":142,"percentile":167},"2025-11-12",0.29321,{"date":169,"score":142,"percentile":170},"2025-11-13",0.29334,{"date":172,"score":142,"percentile":170},"2025-11-14",{"date":174,"score":142,"percentile":175},"2025-11-15",0.29325,{"date":177,"score":142,"percentile":178},"2025-11-16",0.29293,{"date":180,"score":142,"percentile":181},"2025-11-17",0.29272,{"date":183,"score":184,"percentile":185},"2025-11-18",0.00236,0.4282,{"date":187,"score":184,"percentile":188},"2025-11-19",0.42832,{"date":190,"score":184,"percentile":191},"2025-11-20",0.42841,{"date":193,"score":142,"percentile":194},"2025-11-21",0.29313,{"date":196,"score":142,"percentile":197},"2025-11-22",0.29322,{"date":199,"score":142,"percentile":200},"2025-11-23",0.29287,{"date":202,"score":142,"percentile":203},"2025-11-24",0.29267,{"date":205,"score":142,"percentile":206},"2025-11-25",0.29257,{"date":208,"score":209,"percentile":210},"2025-11-26",0.00143,0.35172,{"date":212,"score":209,"percentile":213},"2025-11-27",0.3518,{"date":215,"score":209,"percentile":216},"2025-11-28",0.35159,{"date":218,"score":209,"percentile":219},"2025-11-29",0.35138,{"date":221,"score":209,"percentile":222},"2025-11-30",0.35118,{"date":224,"score":225,"percentile":226},"2025-12-01",0.0007,0.21352,{"date":228,"score":225,"percentile":229},"2025-12-02",0.21368,{"date":231,"score":225,"percentile":232},"2025-12-03",0.21378,{"date":234,"score":209,"percentile":235},"2025-12-04",0.35117,{"date":237,"score":209,"percentile":238},"2025-12-05",0.35148,{"date":240,"score":209,"percentile":241},"2025-12-06",0.35145,{"date":243,"score":209,"percentile":235},"2025-12-07",{"date":245,"score":209,"percentile":246},"2025-12-08",0.35129,{"date":248,"score":209,"percentile":249},"2025-12-09",0.35168,{"date":251,"score":209,"percentile":252},"2025-12-10",0.35216,{"date":254,"score":209,"percentile":255},"2025-12-11",0.3524,{"date":257,"score":209,"percentile":258},"2025-12-12",0.35273,{"date":260,"score":209,"percentile":261},"2025-12-13",0.35251,{"date":263,"score":209,"percentile":264},"2025-12-14",0.35224,{"date":266,"score":209,"percentile":267},"2025-12-15",0.35184,{"date":269,"score":209,"percentile":270},"2025-12-16",0.35211,{"date":272,"score":209,"percentile":273},"2025-12-17",0.35261,{"date":275,"score":209,"percentile":276},"2025-12-18",0.35309,{"date":278,"score":209,"percentile":279},"2025-12-19",0.35331,{"date":281,"score":209,"percentile":282},"2025-12-20",0.35313,{"date":284,"score":209,"percentile":285},"2025-12-21",0.35259,{"date":287,"score":209,"percentile":288},"2025-12-22",0.35232,{"date":290,"score":209,"percentile":291},"2025-12-23",0.35229,{"date":293,"score":209,"percentile":294},"2025-12-24",0.35222,{"date":296,"score":209,"percentile":297},"2025-12-25",0.35285,{"date":299,"score":209,"percentile":300},"2025-12-26",0.35266,{"date":302,"score":303,"percentile":304},"2025-12-27",0.00132,0.33621,{"date":306,"score":303,"percentile":307},"2025-12-28",0.33518,{"date":309,"score":303,"percentile":310},"2025-12-29",0.33484,{"date":312,"score":303,"percentile":313},"2025-12-30",0.33477,{"date":315,"score":303,"percentile":316},"2025-12-31",0.33526,{"date":318,"score":319,"percentile":320},"2026-01-01",0.00064,0.20403,{"date":322,"score":319,"percentile":323},"2026-01-02",0.20407,{"date":325,"score":319,"percentile":326},"2026-01-03",0.20394,{"date":328,"score":303,"percentile":329},"2026-01-04",0.33506,{"date":331,"score":303,"percentile":332},"2026-01-05",0.3349,{"date":334,"score":303,"percentile":335},"2026-01-06",0.33502,{"date":337,"score":303,"percentile":338},"2026-01-07",0.3352,{"date":340,"score":303,"percentile":341},"2026-01-08",0.33549,{"date":343,"score":303,"percentile":344},"2026-01-09",0.33547,{"date":346,"score":303,"percentile":347},"2026-01-10",0.33545,{"date":349,"score":303,"percentile":350},"2026-01-11",0.33523,{"date":352,"score":303,"percentile":353},"2026-01-12",0.33455,{"date":355,"score":303,"percentile":356},"2026-01-13",0.33441,{"date":358,"score":303,"percentile":359},"2026-01-14",0.33486,{"date":361,"score":303,"percentile":362},"2026-01-15",0.3348,{"date":364,"score":303,"percentile":335},"2026-01-16",{"date":366,"score":303,"percentile":367},"2026-01-17",0.33485,{"date":369,"score":303,"percentile":370},"2026-01-18",0.33423,{"date":372,"score":303,"percentile":373},"2026-01-19",0.33384,{"date":375,"score":303,"percentile":376},"2026-01-20",0.33365,{"date":378,"score":303,"percentile":379},"2026-01-21",0.33326,{"date":381,"score":303,"percentile":382},"2026-01-22",0.33302,{"date":384,"score":303,"percentile":376},"2026-01-23",{"date":386,"score":303,"percentile":387},"2026-01-24",0.33372,{"date":389,"score":303,"percentile":390},"2026-01-25",0.33305,{"date":392,"score":303,"percentile":393},"2026-01-26",0.33226,{"date":395,"score":303,"percentile":396},"2026-01-27",0.33216,{"date":398,"score":303,"percentile":399},"2026-01-28",0.33191,{"date":401,"score":303,"percentile":402},"2026-01-29",0.33153,{"date":404,"score":303,"percentile":405},"2026-01-30",0.3314,{"date":407,"score":303,"percentile":408},"2026-01-31",0.33149,{"date":410,"score":319,"percentile":411},"2026-02-01",0.2015,[413,418],{"source":73,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":414,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":415,"vectorString":74,"impactScore":416,"exploitabilityScore":417},"MEDIUM",6,7.2,{"source":80,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":419,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":9,"vectorString":74,"impactScore":416,"exploitabilityScore":417},[421,428],{"ecosystem":9,"name":422,"vendor":422,"product":422,"cpe_part":423,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":424},"axios","a",[425],{"version":426,"is_range":44,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.1","cpe",{"ecosystem":429,"name":422,"vendor":429,"product":422,"cpe_part":9,"purl_type":430,"purl_namespace":9,"purl_name":422,"source":9,"versions":431},"Npm","npm",[432,440],{"version":433,"is_range":434,"range_type":435,"version_start":436,"version_start_type":437,"version_end":438,"version_end_type":439,"fixed_in":9},"gte1_0_0_lt1_6_0",true,"semver","1.0.0","including","1.6.0","excluding",{"version":441,"is_range":434,"range_type":435,"version_start":442,"version_start_type":437,"version_end":443,"version_end_type":439,"fixed_in":9},"gte0_8_1_lt0_28_0","0.8.1","0.28.0"]