If you discover a security vulnerability in axios please disclose it via our huntr page. Bounty eligibility, CVE assignment, response times and past reports are all there.