VYPR

npm package

@cloudflare/workers-oauth-provider

pkg:npm/%40cloudflare/workers-oauth-provider

Vulnerabilities (2)

  • CVE-2025-4144May 1, 2025
    affected < 0.0.5fixed 0.0.5

    PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers

  • CVE-2025-4143May 1, 2025
    affected < 0.0.5fixed 0.0.5

    The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in:  https://github.com/cl