VYPR

Model Context Protocol Servers

by Mlflow

Source repositories

CVEs (5)

  • CVE-2025-34072CriJul 2, 2025
    risk 0.60cvss epss 0.00

    A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing…

  • CVE-2025-68145CriDec 17, 2025
    risk 0.59cvss 9.1epss 0.06

    In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could…

  • CVE-2025-68143HigDec 17, 2025
    risk 0.51cvss 8.8epss 0.08

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target…

  • CVE-2025-68144HigDec 17, 2025
    risk 0.46cvss 7.1epss 0.07

    In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line…

  • CVE-2026-27735MedFeb 26, 2026
    risk 0.35cvss 6.5epss 0.00

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository…