Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-371
  • PyPI/kubectl-mcp-server
Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page 29 Jun
  • Fix available
  • Severity - 9.8 (Critical)
PYSEC-2026-331
  • PyPI/excel-mcp-server
excel-mcp-server has a Path Traversal issue 29 Jun
  • Fix available
  • Severity - 9.4 (Critical)
MAL-2026-5325
  • PyPI/ray-mcp-server
Malicious code in ray-mcp-server (PyPI) 06 Jun
  • No fix available
MAL-2026-4774
  • PyPI/vulndify-mcp-server
Malicious code in vulndify-mcp-server (PyPI) 22 May
  • No fix available
GHSA-94gr-w3q5-rfqr
  • PyPI/kubectl-mcp-server
  • npm/kubectl-mcp-server
Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page 12 May
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-qhfq-gvvc-5q6q
  • PyPI/doris-mcp-server
Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization 20 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-j98m-w3xp-9f56
  • PyPI/excel-mcp-server
excel-mcp-server has a Path Traversal issue 14 Apr
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-vphc-468g-8rfp
  • PyPI/adx-mcp-server
Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries 27 Mar
  • No fix available
  • Severity - 8.3 (High)
GHSA-2cpp-j2fc-qhp7
  • PyPI/awslabs-aws-api-mcp-server
AWS API MCP File Access Restriction Bypass 17 Mar
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-162
  • PyPI/awslabs-aws-api-mcp-server
See record for full details 16 Mar
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-vjqx-cfc4-9h6v
  • PyPI/mcp-server-git
mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries 26 Feb
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-j22h-9j4x-23w5
  • PyPI/mcp-server-git
mcp-server-git has missing path validation when using --repository flag 17 Dec 2025
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-9xwc-hfwc-8w59
  • PyPI/mcp-server-git
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files 17 Dec 2025
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-5cgr-j3jf-jw3v
  • PyPI/mcp-server-git
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations 17 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-g2jx-37x6-6438
  • PyPI/arcade-mcp-server
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints 02 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-m35w-xx8c-6xc7
  • PyPI/doris-mcp-server
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode 05 Nov 2025
  • Fix available
  • Severity - 5.3 (Medium)