VYPR

PyPI package

mcp-server-git

pkg:pypi/mcp-server-git

Vulnerabilities (4)

  • CVE-2026-27735 | Medium | Feb 26, 2026
    affected: < 2026.1.14 | fixed: 2026.1.14

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries.

  • CVE-2025-68145 | Critical | Dec 17, 2025
    affected: < 2025.12.18 | fixed: 2025.12.18

    In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could

  • CVE-2025-68144 | High | Dec 17, 2025
    affected: < 2025.12.18 | fixed: 2025.12.18

    In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line option

  • CVE-2025-68143 | High | Dec 17, 2025
    affected: < 2025.9.25 | fixed: 2025.9.25

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target locati