Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40frangoteam/fuxa@1.1.7
Type npm
Namespace @frangoteam
Name fuxa
Version 1.1.7
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.3.0
Latest_non_vulnerable_version 1.3.1
Affected_by_vulnerabilities
0
url VCID-3j5x-kff5-6fek
vulnerability_id VCID-3j5x-kff5-6fek
summary FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31716
reference_id
reference_type
scores
0
value 0.37109
scoring_system epss
scoring_elements 0.97273
published_at 2026-06-12T12:55:00Z
1
value 0.37109
scoring_system epss
scoring_elements 0.97266
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31716
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31716
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31716
2
reference_url https://github.com/MateusTesser/CVE-2023-31716
reference_id CVE-2023-31716
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:40:06Z/
url https://github.com/MateusTesser/CVE-2023-31716
3
reference_url https://github.com/frangoteam/FUXA
reference_id FUXA
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:40:06Z/
url https://github.com/frangoteam/FUXA
4
reference_url https://github.com/advisories/GHSA-45c3-c4c3-8rqg
reference_id GHSA-45c3-c4c3-8rqg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45c3-c4c3-8rqg
fixed_packages
0
url pkg:npm/%40frangoteam/fuxa@1.1.13
purl pkg:npm/%40frangoteam/fuxa@1.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kfd-ht8x-mkbw
1
vulnerability VCID-stnp-kkx6-skbz
2
vulnerability VCID-zezh-jzeh-ukh6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540frangoteam/fuxa@1.1.13
aliases CVE-2023-31716, GHSA-45c3-c4c3-8rqg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3j5x-kff5-6fek
1
url VCID-5kfd-ht8x-mkbw
vulnerability_id VCID-5kfd-ht8x-mkbw
summary FUXA has JWT Authentication Bypass via HTTP Referer header spoofing
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69985
reference_id
reference_type
scores
0
value 0.01745
scoring_system epss
scoring_elements 0.82943
published_at 2026-06-11T12:55:00Z
1
value 0.01745
scoring_system epss
scoring_elements 0.83005
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69985
1
reference_url https://gist.github.com/lihy10/8cb2dd65ebf1385f12a7e00e25a50d40
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://gist.github.com/lihy10/8cb2dd65ebf1385f12a7e00e25a50d40
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52544.py
reference_id CVE-2025-69985
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52544.py
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69985
reference_id CVE-2025-69985
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69985
4
reference_url https://github.com/advisories/GHSA-4r4r-4jp4-wwf9
reference_id GHSA-4r4r-4jp4-wwf9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r4r-4jp4-wwf9
fixed_packages
0
url pkg:npm/%40frangoteam/fuxa@1.2.9
purl pkg:npm/%40frangoteam/fuxa@1.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stnp-kkx6-skbz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540frangoteam/fuxa@1.2.9
aliases CVE-2025-69985, GHSA-4r4r-4jp4-wwf9
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kfd-ht8x-mkbw
2
url VCID-stnp-kkx6-skbz
vulnerability_id VCID-stnp-kkx6-skbz
summary FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69971
reference_id
reference_type
scores
0
value 0.04529
scoring_system epss
scoring_elements 0.8941
published_at 2026-06-11T12:55:00Z
1
value 0.04529
scoring_system epss
scoring_elements 0.89446
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69971
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69971
reference_id CVE-2025-69971
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69971
2
reference_url https://github.com/advisories/GHSA-c8m8-3jcr-6rj5
reference_id GHSA-c8m8-3jcr-6rj5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8m8-3jcr-6rj5
3
reference_url https://github.com/frangoteam/FUXA/security/advisories/GHSA-c8m8-3jcr-6rj5
reference_id GHSA-c8m8-3jcr-6rj5
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/frangoteam/FUXA/security/advisories/GHSA-c8m8-3jcr-6rj5
4
reference_url https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
reference_id jwt-helper.js
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:58:38Z/
url https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
fixed_packages
0
url pkg:npm/%40frangoteam/fuxa@1.3.0
purl pkg:npm/%40frangoteam/fuxa@1.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540frangoteam/fuxa@1.3.0
aliases CVE-2025-69971, GHSA-c8m8-3jcr-6rj5
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stnp-kkx6-skbz
3
url VCID-zezh-jzeh-ukh6
vulnerability_id VCID-zezh-jzeh-ukh6
summary A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33831
reference_id
reference_type
scores
0
value 0.93354
scoring_system epss
scoring_elements 0.99823
published_at 2026-06-12T12:55:00Z
1
value 0.93354
scoring_system epss
scoring_elements 0.99822
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33831
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33831
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33831
2
reference_url https://github.com/advisories/GHSA-r87q-fq37-pvr6
reference_id GHSA-r87q-fq37-pvr6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r87q-fq37-pvr6
3
reference_url https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831
reference_id Unauthenticated-RCE-FUXA-CVE-2023-33831
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-25T18:45:53Z/
url https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831
4
reference_url https://youtu.be/Xxa6yRB2Fpw
reference_id Xxa6yRB2Fpw
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-25T18:45:53Z/
url https://youtu.be/Xxa6yRB2Fpw
fixed_packages
0
url pkg:npm/%40frangoteam/fuxa@1.1.14
purl pkg:npm/%40frangoteam/fuxa@1.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kfd-ht8x-mkbw
1
vulnerability VCID-stnp-kkx6-skbz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540frangoteam/fuxa@1.1.14
aliases CVE-2023-33831, GHSA-r87q-fq37-pvr6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zezh-jzeh-ukh6
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540frangoteam/fuxa@1.1.7