Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-2315
  • PyPI/latinum-wallet-mcp
 Malicious code in latinum-wallet-mcp (PyPI) 3 days ago
  • No fix available
GHSA-vphc-468g-8rfp
  • PyPI/adx-mcp-server
 Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries 27 Mar
  • No fix available
  • Severity - 8.3 (High)
MAL-2026-1990
  • PyPI/mcp-transport-proto
 Malicious code in mcp-transport-proto (PyPI) 20 Mar
  • No fix available
GHSA-2cpp-j2fc-qhp7
  • PyPI/awslabs-aws-api-mcp-server
 AWS API MCP File Access Restriction Bypass 17 Mar
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-pf93-j98v-25pv
  • PyPI/ha-mcp
 ha-mcp has XSS via Unescaped HTML in OAuth Consent Form 12 Mar
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-fmfg-9g7c-3vq7
  • PyPI/ha-mcp
 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle 12 Mar
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-xjgw-4wvw-rgm4
  • PyPI/mcp-atlassian
 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment 10 Mar
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-7r34-79r5-rcc9
  • PyPI/mcp-atlassian
 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers 10 Mar
  • Fix available
  • Severity - 8.2 (High)
GHSA-hhfx-wfvq-7g9c
  • NuGet/Azure.Mcp
  • PyPI/msmcp-azure
  • npm/@azure/mcp
 Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network 10 Mar
  • Fix available
  • Severity - 8.8 (High)
GHSA-g9rg-8vq5-mpwm
  • PyPI/mcp-memory-service
 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft 07 Mar
  • Fix available
  • Severity - 8.1 (High)
GHSA-73hc-m4hx-79pj
  • PyPI/mcp-memory-service
 mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint 05 Mar
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-vjqx-cfc4-9h6v
  • PyPI/mcp-server-git
 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries 26 Feb
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-6fgp-m6q4-j3q5
  • PyPI/mcp-run-python
 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access 09 Feb
  • No fix available
  • Severity - 5.8 (Medium)
GHSA-pfv4-wmph-5gc6
  • PyPI/mcp-run-python
 MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability 09 Feb
  • No fix available
  • Severity - 5.8 (Medium)
GHSA-vf6j-c56p-cq58
  • PyPI/mcp-salesforce-connector
 MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token 06 Feb
  • Fix available
  • Severity - 8.7 (High)
MAL-2026-603
  • PyPI/mcp-pdftool-plus
 Malicious code in mcp-pdftool-plus (PyPI) 29 Jan
  • No fix available
Load more...(2 pages left)