VYPR

npm package

@nocobase/auth

pkg:npm/%40nocobase/auth

Vulnerabilities (1)

  • CVE-2025-13877MedDec 2, 2025
    affected >= 1.9.0, < 1.9.23fixed 1.9.23

    A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument API_KEY results in use of hard-coded cry