Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-vv7q-7jx5-f767
  • PyPI/fastmcp
FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability 3 days ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-rww4-4w9c-7733
  • PyPI/fastmcp
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities 3 days ago
  • Fix available
GHSA-m8x7-r2rg-vh5g
  • PyPI/fastmcp
FastMCP has a Command Injection vulnerability - Gemini CLI 3 days ago
  • Fix available
  • Severity - 6.7 (Medium)
GHSA-5h2m-4q8j-pqpj
  • PyPI/fastmcp
FastMCP OAuth Proxy token reuse across MCP servers 16 Mar
  • Fix available
  • Severity - 7.4 (High)
GHSA-rcfx-77hg-w2wv
  • PyPI/fastmcp
FastMCP updated to MCP 1.23+ due to CVE-2025-66416 26 Dec 2025
  • Fix available
GHSA-rj5c-58rq-j5g5
  • PyPI/fastmcp
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name 29 Oct 2025
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-mxxr-jv3v-6pgc
  • PyPI/fastmcp
FastMCP vulnerable to reflected XSS in client's callback page 29 Oct 2025
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-c2jp-c369-7pvx
  • PyPI/fastmcp
FastMCP Auth Integration Allows for Confused Deputy Account Takeover 29 Oct 2025
  • Fix available
  • Severity - 7.3 (High)