VYPR

npm package

@cyanheads/git-mcp-server

pkg:npm/%40cyanheads/git-mcp-server

Vulnerabilities (1)

  • CVE-2025-53107HigJul 1, 2025
    affected < 2.1.5fixed 2.1.5

    @cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrar