Lookup for vulnerable packages by Package URL.

Purl pkg:npm/fuxa-server@1.2.7
Type npm
Namespace
Name fuxa-server
Version 1.2.7
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-m2be-x8jj-j3de
vulnerability_id VCID-m2be-x8jj-j3de
summary
FUXA contains an insecure default configuration vulnerability
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69970
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08447
published_at 2026-06-05T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08386
published_at 2026-06-08T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08443
published_at 2026-06-07T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08463
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69970
1
reference_url https://github.com/frangoteam/FUXA/blob
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/frangoteam/FUXA/blob
2
reference_url https://github.com/frangoteam/FUXA/blob/master/server/settings.default.js
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:54:28Z/
url https://github.com/frangoteam/FUXA/blob/master/server/settings.default.js
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69970
reference_id CVE-2025-69970
reference_type
scores
0
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69970
4
reference_url https://github.com/advisories/GHSA-r5m2-fqcf-qrf7
reference_id GHSA-r5m2-fqcf-qrf7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5m2-fqcf-qrf7
fixed_packages
aliases CVE-2025-69970, GHSA-r5m2-fqcf-qrf7
risk_score 4.2
exploitability 0.5
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2be-x8jj-j3de
1
url VCID-nmm3-tq8s-gffr
vulnerability_id VCID-nmm3-tq8s-gffr
summary
FUXA contains an Unrestricted File Upload vulnerability
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69981
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25661
published_at 2026-06-08T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.2572
published_at 2026-06-07T12:55:00Z
2
value 0.00091
scoring_system epss
scoring_elements 0.25767
published_at 2026-06-06T12:55:00Z
3
value 0.00091
scoring_system epss
scoring_elements 0.25776
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69981
1
reference_url https://github.com/frangoteam/FUXA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/frangoteam/FUXA
2
reference_url https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js#L193
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T17:08:21Z/
url https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js#L193
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69981
reference_id CVE-2025-69981
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69981
4
reference_url https://github.com/advisories/GHSA-7g56-fwxj-cm23
reference_id GHSA-7g56-fwxj-cm23
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g56-fwxj-cm23
fixed_packages
aliases CVE-2025-69981, GHSA-7g56-fwxj-cm23
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmm3-tq8s-gffr
2
url VCID-u1jn-7hse-vbea
vulnerability_id VCID-u1jn-7hse-vbea
summary
FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69983
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64801
published_at 2026-06-08T12:55:00Z
1
value 0.00467
scoring_system epss
scoring_elements 0.64812
published_at 2026-06-07T12:55:00Z
2
value 0.00467
scoring_system epss
scoring_elements 0.64823
published_at 2026-06-06T12:55:00Z
3
value 0.00467
scoring_system epss
scoring_elements 0.64813
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69983
1
reference_url https://github.com/frangoteam/FUXA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/frangoteam/FUXA
2
reference_url https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-11T17:09:42Z/
url https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69983
reference_id CVE-2025-69983
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69983
4
reference_url https://github.com/advisories/GHSA-5r63-q8hg-p8qx
reference_id GHSA-5r63-q8hg-p8qx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r63-q8hg-p8qx
fixed_packages
aliases CVE-2025-69983, GHSA-5r63-q8hg-p8qx
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1jn-7hse-vbea
3
url VCID-xhat-d7rw-pkcx
vulnerability_id VCID-xhat-d7rw-pkcx
summary
FUXA contains a hard-coded credential vulnerability
This advisory has been withdrawn.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69971
reference_id
reference_type
scores
0
value 0.04529
scoring_system epss
scoring_elements 0.89371
published_at 2026-06-07T12:55:00Z
1
value 0.04529
scoring_system epss
scoring_elements 0.89372
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69971
1
reference_url https://github.com/frangoteam/FUXA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/frangoteam/FUXA
2
reference_url https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:58:38Z/
url https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69971
reference_id CVE-2025-69971
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69971
4
reference_url https://github.com/advisories/GHSA-2r8f-cf6w-x5vq
reference_id GHSA-2r8f-cf6w-x5vq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2r8f-cf6w-x5vq
5
reference_url https://github.com/advisories/GHSA-c8m8-3jcr-6rj5
reference_id GHSA-c8m8-3jcr-6rj5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8m8-3jcr-6rj5
6
reference_url https://github.com/frangoteam/FUXA/security/advisories/GHSA-c8m8-3jcr-6rj5
reference_id GHSA-c8m8-3jcr-6rj5
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/frangoteam/FUXA/security/advisories/GHSA-c8m8-3jcr-6rj5
fixed_packages
aliases CVE-2025-69971, GHSA-2r8f-cf6w-x5vq, GHSA-c8m8-3jcr-6rj5
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhat-d7rw-pkcx
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/fuxa-server@1.2.7