43 matches found
security-skills
Security Skills Security Skills is a Hermes Agent skill pack...
CVE-2026-42561 vulnerabilities
Vulnerabilities for packages: reflex, semgrep, airflow...
GHSA-PP6C-GR5W-3C5G vulnerabilities
Vulnerabilities for packages: reflex, semgrep, airflow...
Arbitrary Command Injection
Overview mcp-server-semgrep is a MCP Server for Semgrep Integration - static code analysis with AI Affected versions of this package are vulnerable to Arbitrary Command Injection via the analyzeresults, filterresults, exportresults, compareresults, scandirectory, or createrule functions in the MC...
GHSA-86HP-QXQP-W9WV mcp-server-semgrep has a Command Injection issue
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
mcp-server-semgrep has a Command Injection issue
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
CVE-2026-7446 VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
EUVD-2026-26302
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
CVE-2026-7446
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
CVE-2026-7446 VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
CVE-2026-7446
VetCoders mcp-server-semgrep version 1.0.0 is affected by CVE-2026-7446 in the MCP Interface. The vulnerability exists in the file src/index.ts (functions analyze_results, filter_results, export_results, compare_results, scan_directory, create_rule) where manipulation of the argument ID enables a...
MCP Server Semgrep 命令注入漏洞
MCP Server Semgrep is an AI assistant tool for integrated static code analysis, open-sourced by VetCoders. Version 1.0.0 of MCP Server Semgrep contains a command injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...
PT-2026-36030
Name of the Vulnerable Software and Affected Versions VetCoders mcp-server-semgrep version 1.0.0 Description Remote OS command injection is possible within the MCP Interface component in the file src/index.ts. The issue occurs when the ID argument is manipulated, affecting the functions analyze...
CVE-2026-40347 vulnerabilities
Vulnerabilities for packages: semgrep, airflow, kserve...
GHSA-MJ87-HWQH-73PJ vulnerabilities
Vulnerabilities for packages: semgrep, airflow, kserve...
GHSA-752W-5FWX-JX9F vulnerabilities
Vulnerabilities for packages: az, superset, airflow, open-webui, ggshield, py3-cassandra-medusa, datadog-agent, semgrep, kserve...
CVE-2026-32597 vulnerabilities
Vulnerabilities for packages: az, superset, airflow, open-webui, ggshield, py3-cassandra-medusa, datadog-agent, semgrep, kserve...
CVE-2026-0994 vulnerabilities
Vulnerabilities for packages: py3-protobuf, tensorflow-cpu-jupyter, datadog-agent, airflow, open-webui, mitmproxy, kubeflow-katib, semgrep, kserve, mlflow, py3-cassandra-medusa...
GHSA-7GCM-G887-7QV7 vulnerabilities
Vulnerabilities for packages: py3-protobuf, tensorflow-cpu-jupyter, datadog-agent, airflow, open-webui, mitmproxy, kubeflow-katib, semgrep, kserve, mlflow, py3-cassandra-medusa...
CVE-2026-23949 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, tensorflow-cpu-jupyter, mlflow, datadog-agent, superset, semgrep, emissary, airflow, open-webui, py3-setuptools, py3-cassandra-medusa, dask-kubernetes, pypy-3.11, kserve, kubeflow-jupyter-web-app, pypy-3.10...