Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
734154
AlmaLinux
5184
Alpaquita
11422
Alpine
4339
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
554
Bitnami
8244
Chainguard
8710
CleanStart
1524
CRAN
14
crates.io
2549
Debian
59525
Echo
6557
GHC
3
GIT
81732
GitHub Actions
54
Go
7970
Hackage
32
Hex
168
Julia
979
Linux
15361
Mageia
6005
Maven
6662
MinimOS
82094
npm
221430
NuGet
1766
opam
18
openEuler
7136
openSUSE
13351
OSS-Fuzz
3952
Packagist
6624
Pub
11
PyPI
20936
Red Hat
21016
Rocky Linux
3561
Root
17233
RubyGems
2008
SUSE
21213
SwiftURL
58
TuxCare
5651
Ubuntu
56969
VSCode
20
Wolfi
6100
ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-371
PyPI/kubectl-mcp-server
Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page
29 Jun
Fix available
Severity - 9.8 (Critical)
PYSEC-2026-331
PyPI/excel-mcp-server
excel-mcp-server has a Path Traversal issue
29 Jun
Fix available
Severity - 9.4 (Critical)
MAL-2026-5325
PyPI/ray-mcp-server
Malicious code in ray-mcp-server (PyPI)
06 Jun
No fix available
MAL-2026-4774
PyPI/vulndify-mcp-server
Malicious code in vulndify-mcp-server (PyPI)
22 May
No fix available
GHSA-94gr-w3q5-rfqr
PyPI/kubectl-mcp-server
npm/kubectl-mcp-server
Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page
12 May
Fix available
Severity - 9.8 (Critical)
GHSA-qhfq-gvvc-5q6q
PyPI/doris-mcp-server
Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization
20 Apr
Fix available
Severity - 5.3 (Medium)
GHSA-j98m-w3xp-9f56
PyPI/excel-mcp-server
excel-mcp-server has a Path Traversal issue
14 Apr
Fix available
Severity - 9.4 (Critical)
GHSA-vphc-468g-8rfp
PyPI/adx-mcp-server
Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries
27 Mar
No fix available
Severity - 8.3 (High)
GHSA-2cpp-j2fc-qhp7
PyPI/awslabs-aws-api-mcp-server
AWS API MCP File Access Restriction Bypass
17 Mar
Fix available
Severity - 6.8 (Medium)
PYSEC-2026-162
PyPI/awslabs-aws-api-mcp-server
See record for full details
16 Mar
Fix available
Severity - 6.8 (Medium)
GHSA-vjqx-cfc4-9h6v
PyPI/mcp-server-git
mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries
26 Feb
Fix available
Severity - 6.4 (Medium)
GHSA-j22h-9j4x-23w5
PyPI/mcp-server-git
mcp-server-git has missing path validation when using --repository flag
17 Dec 2025
Fix available
Severity - 6.4 (Medium)
GHSA-9xwc-hfwc-8w59
PyPI/mcp-server-git
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
17 Dec 2025
Fix available
Severity - 6.3 (Medium)
GHSA-5cgr-j3jf-jw3v
PyPI/mcp-server-git
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
17 Dec 2025
Fix available
Severity - 6.5 (Medium)
GHSA-g2jx-37x6-6438
PyPI/arcade-mcp-server
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
02 Dec 2025
Fix available
Severity - 6.5 (Medium)
GHSA-m35w-xx8c-6xc7
PyPI/doris-mcp-server
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
05 Nov 2025
Fix available
Severity - 5.3 (Medium)
PyPI - OSV