VYPR

npm package

@mastra/mcp-docs-server

pkg:npm/%40mastra/mcp-docs-server

Malware

1 malicious version on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2025-61685MedOct 3, 2025
    affected < 0.17.0fixed 0.17.0

    Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for re