VYPR

npm package

mcp-markdownify-server

pkg:npm/mcp-markdownify-server

Vulnerabilities (3)

  • CVE-2025-58358HigSep 4, 2025
    affected < 0.0.2fixed 0.0.2

    Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitra

  • CVE-2025-5276HigMay 29, 2025
    affected <= 0.0.1

    All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube

  • CVE-2025-5273MedMay 29, 2025
    affected <= 0.0.1

    All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running