Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2026-4811
  • PyPI/docontrol-mcp
Malicious code in docontrol-mcp (PyPI) 26 May
  • No fix available
MAL-2026-4774
  • PyPI/vulndify-mcp-server
Malicious code in vulndify-mcp-server (PyPI) 22 May
  • No fix available
GHSA-vrxg-gm77-7q5g
  • PyPI/windows-mcp
Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS 21 May
  • Fix available
  • Severity - 8.9 (High)
GHSA-g39v-cvjh-8fpf
  • PyPI/ha-mcp
Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/ 14 May
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-jj54-r8gm-2fcf
  • PyPI/dbt-mcp
dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction 14 May
  • Fix available
  • Severity - 3.1 (Low)
GHSA-7xgw-6qf3-7w59
  • PyPI/dbt-mcp
dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled 14 May
  • Fix available
  • Severity - 2.5 (Low)
GHSA-xpww-f6pm-cfhq
  • PyPI/dbt-mcp
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters 14 May
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-52cq-7v8r-62c6
  • PyPI/gmaps-mcp
gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense 08 May
  • Fix available
  • Severity - 8.3 (High)
GHSA-3r68-x3xc-rxpg
  • PyPI/wireshark-mcp
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured 05 May
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-8pqq-224h-x875
  • PyPI/ogham-mcp
ogham-mcp had credentials embedded in published PyPI sdists -- Neon postgres URLs and Voyage API key 05 May
  • Fix available
GHSA-4j28-22qp-rjcf
  • PyPI/sqlite-mcp
sqlite-mcp has an Injection issue 28 Apr
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-vc5j-42hh-j3mr
  • PyPI/notes-mcp
notes-mcp has a Path Traversal issue 28 Apr
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-wfr3-hf93-qgg3
  • PyPI/mkdocs-mcp-plugin
mkdocs-mcp-plugin has a Path Traversal issue 28 Apr
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-h7xc-4mv8-59fj
  • PyPI/mcp-url-downloader
mcp-url-downloader has a Server-Side Request Forgery issue 27 Apr
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-q882-jc55-6343
  • PyPI/kaggle-mcp
kaggle-mcp has a Path Traversal issue 27 Apr
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-qhfq-gvvc-5q6q
  • PyPI/doris-mcp-server
Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization 20 Apr
  • Fix available
  • Severity - 5.3 (Medium)