medium
published
Jun 30, 2026
@unusualwhales/mcp
The gateway.ts HTTP client in @unusualwhales/mcp propagates the full, unredacted HTTP response body from the Unusual Whales API back to MCP tool callers when errors oc...
Read advisory
high
published
Jun 30, 2026
zapier-mcp
The create-my-tools-profile skill asks the user (or any LLM context in scope) for a free-form role description and writes it directly into a persistent AI rules file (...
Read advisory
high
published
Jun 30, 2026
zapier-mcp
The
Read advisory
high
published
Jun 29, 2026
@unusualwhales/mcp
The @unusualwhales/mcp server registers 25+ MCP prompts (workflow templates) that compose LLM instructions by directly interpolating user-supplied arguments into templ...
Read advisory
high
published
Jun 26, 2026
@playwright/mcp
The browser_navigate MCP tool in @playwright/mcp passes user-supplied URLs through checkUrlAllowed() (context.ts) which only blocks the file: protocol. The default con...
Read advisory
high
published
Apr 6, 2026
mobile-use
The type() method in mobile-use performs incomplete shell escaping when sending text to Android devices via ADB. While it escapes whitespace and double quotes, it does...
Read advisory
high
published
Apr 6, 2026
desktop-commander
The command validation in desktop-commander uses a blocklist approach that can be bypassed using $() command substitution or backtick substitution. For example, $(curl...
Read advisory
critical
published
Apr 6, 2026
desktop-commander
The node:local feature in desktop-commander allows arbitrary code execution by writing user-provided JavaScript to a temporary .mjs file and executing it with Node.js....
Read advisory
high
published
Apr 1, 2026
google-adk
google-adk's DatabaseSessionService supports both a v0 schema (ADK 1.19.0–1.21.0) and a v1 schema. The service detects the existing schema version on startup and uses...
Read advisory
high
published
Mar 27, 2026
chrome-local-mcp
The navigate MCP tool (mcp-server.js:41-48), HTTP /navigate endpoint (server.js:44-49), and batch action handler (mcp-server.js:339-342) all pass user-supplied URLs di...
Read advisory
high
published
Mar 27, 2026
chrome-local-mcp
The Express HTTP server in server.js listens on port 3033 (configurable via PORT env var) bound to all network interfaces (0.0.0.0 — Express default when no host is sp...
Read advisory
critical
published
Mar 27, 2026
chrome-local-mcp
chrome-local-mcp exposes an eval MCP tool (mcp-server.js:198-205) and an HTTP /eval endpoint (server.js:117-122) that pass user-supplied JavaScript strings directly to...
Read advisory
high
published
Mar 27, 2026
@osematouati/notion-mcp-server
`@osematouati/notion-mcp-server` (versions 1.8.1–1.8.2) is a third-party npm republication of the official Notion MCP server, published by a single maintainer (`osemat...
Read advisory
high
published
Mar 27, 2026
@gongrzhe/server-gmail-autoauth-mcp
All 7 published versions (0.0.1 through 0.0.8) of `@gongrzhe/server-gmail-mcp` on npm lack provenance attestation. The npm registry metadata contains `dist.signatures`...
Read advisory