npm/@frangoteam/fuxa — 6 CVEs

CRITICAL9.8CVE-2025-69985FUXA has JWT Authentication Bypass via HTTP Referer header spoofing

from 0, <= 1.2.8

CRITICAL9.8CVE-2023-33831A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA

from 0, <= 1.1.13

HIGH8.1CVE-2025-69971FUXA has a hardcoded fallback JWT signing secret

from 0, < 1.3.0

HIGH7.5FUXA vulnerable to Local File Inclusion

from 0, <= 1.1.12

HIGH7.5Server-Side Request Forgery in FUXA

from 0, <= 1.1.3

—FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection

>= 1.2.11, < 1.3.1

pkg:npm/@frangoteam/fuxa