VYPR

Workers OAuth Provider

by Cloudflare

Source repositories

CVEs (2)

  • CVE-2025-4144May 1, 2025
    risk 0.00cvss epss 0.00

    PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: …

  • CVE-2025-4143May 1, 2025
    risk 0.00cvss epss 0.00

    The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: …