VYPR

PyPI package

mcp-neo4j-cypher

pkg:pypi/mcp-neo4j-cypher

Vulnerabilities (2)

  • CVE-2026-35402 | Low | Apr 17, 2026
    affected < 0.6.0 | fixed 0.6.0

    mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This i

  • CVE-2025-10193 | High | Sep 11, 2025
    affected >= 0.2.2, < 0.4.0 | fixed 0.4.0

    DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious websit