npm package
@mastra/mcp-docs-server
pkg:npm/%40mastra/mcp-docs-server
Malware
1 malicious version on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- GHSA-wxp6-9hmr-928gMalware in @mastra/mcp-docs-serverJun 17, 2026
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61685 | Med | 6.5 | < 0.17.0 | 0.17.0 | Oct 3, 2025 | Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for re |
- affected < 0.17.0fixed 0.17.0
Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for re