Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-345p-7cg4-v4c7 | npm/@modelcontextprotocol/sdk | @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse | 04 Feb | Fix available; Severity - 7.1 (High) |
| GHSA-8r9q-7v3j-jr4g | npm/@modelcontextprotocol/sdk | Anthropic's MCP TypeScript SDK has a ReDoS vulnerability | 05 Jan | Fix available; Severity - 8.7 (High) |
| GHSA-w48q-cv73-mx4w | npm/@modelcontextprotocol/sdk | Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default | 02 Dec 2025 | Fix available; Severity - 7.6 (High) |
| GHSA-g9hg-qhmf-q45m | npm/@modelcontextprotocol/inspector | MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server | 08 Sep 2025 | Fix available; Severity - 8.6 (High) |
| GHSA-hc55-p739-j48w | npm/@modelcontextprotocol/server-filesystem | @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix | 01 Jul 2025 | Fix available; Severity - 7.3 (High) |
| GHSA-q66q-fx2p-7w4m | npm/@modelcontextprotocol/server-filesystem | @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling | 01 Jul 2025 | Fix available; Severity - 7.3 (High) |
| GHSA-7f8r-222p-6f5g | npm/@modelcontextprotocol/inspector | MCP Inspector proxy server lacks authentication between the Inspector client and proxy | 13 Jun 2025 | Fix available; Severity - 9.4 (Critical) |