Share
## https://sploitus.com/exploit?id=46CD767C-AB3D-556B-BF5F-EBD8687ED062
# audit-axios
Scan local repos for vulnerable axios versions and patch interactively.
Targets [**CVE-2026-40175**](https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx) โ CRLF Header Injection leading to Request Smuggling & SSRF. CVSS 9.9, affects all axios < 1.15.0.
## Quick Start
```bash
npx audit-axios ~/Workspace ~/Projects
```
## Usage
```bash
# Interactive โ checkbox select + bulk action
audit-axios ~/Workspace ~/Projects
# Scan only (CI-friendly, exit code 1 if vulnerable)
audit-axios --scan-only ~/Workspace
# Auto-patch everything
audit-axios --auto-patch ~/Workspace ~/Projects
# Custom minimum version
audit-axios --min-version 1.16.0 --target "^1.16.0" ~/Workspace
```
## Interactive Controls
| Key | Action |
|-----|--------|
| `space` | Toggle select/deselect |
| `a` | Select all |
| `n` | Deselect all |
| `j/k` or arrows | Navigate |
| `enter` | Confirm โ choose action |
| `q` | Quit |
## Options
| Flag | Description | Default |
|------|-------------|---------|
| `--scan-only` | Report only, no prompts | โ |
| `--auto-patch` | Patch all without prompting | โ |
| `--min-version` | Minimum safe version | `1.15.0` |
| `--target` | Target version spec | `^1.15.0` |
## Features
- Zero dependencies โ Node.js built-ins only
- Auto-detects npm, yarn, pnpm (including `packageManager` field)
- Monorepo workspace-aware (pnpm-workspace.yaml, yarn workspaces)
- Severity labels (CRITICAL / HIGH / MEDIUM) based on version gap
- CI mode with `--scan-only` (exit 1 on vulnerability found)
## License
MIT