4 matches found
Malicious code in mcp-server-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958 Package squats the unscoped name mcp-server-github to intercept installs intended for the official @modelcontextprotocol/server-github. package.json...
MAL-2026-5479 Malicious code in mcp-server-github (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958 Package squats the unscoped name mcp-server-github to intercept installs intended for the official @modelcontextprotocol/server-github. package.json...
CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Denial of Service
Overview Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of . characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...