If you discover a security vulnerability in axios please disclose it via our huntr page. Bounty eligibility, CVE assignment, response times and past reports are all there.
Thank you for improving the security of axios.