VYPR

npm package

figma-developer-mcp

pkg:npm/figma-developer-mcp

Vulnerabilities (1)

  • CVE-2025-53967HigOct 8, 2025
    affected < 0.6.3fixed 0.6.3

    Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to prop