VYPR

npm package

mcp-watch

pkg:npm/mcp-watch

Vulnerabilities (1)

  • CVE-2025-66401Dec 1, 2025
    affected <= 0.1.2

    MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to