VYPR

Mcp Registry

by Mlflow

Source repositories

CVEs (3)

  • CVE-2026-44429MedMay 14, 2026
    risk 0.28cvss 5.4epss 0.00

    The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.html) is vulnerable to stored cross-site scripting via the server.websiteUrl field…

  • CVE-2026-44428MedMay 14, 2026
    risk 0.24cvss 4.7epss 0.00

    The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client…

  • CVE-2026-44430MedMay 14, 2026
    risk 0.19cvss 4.0epss 0.00

    The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST /v0/auth/http, POST /v0.1/auth/http) uses safeDialContext (internal/api/handlers/v0/auth/http.go:67-110) to…