VYPR
Vendor

Zcaceres

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2025-58358HigSep 4, 2025
    risk 0.42cvss 7.5epss 0.01

    Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject…

  • CVE-2025-5276HigMay 29, 2025
    risk 0.41cvss 7.4epss 0.00

    All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and…

  • CVE-2025-5273MedMay 29, 2025
    risk 0.35cvss 6.5epss 0.00

    All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host…

  • CVE-2025-65512Dec 10, 2025
    risk 0.00cvss epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains,…

  • CVE-2025-65513Dec 9, 2025
    risk 0.00cvss epss 0.00

    fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.