5 matches found
Malicious code in @mastra/mcp-registry-registry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45ba997a42d41e72f38a36e0a6122b28388f73eb479dc41f7c1b77b6a75f91c8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5955 Malicious code in @mastra/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fbae003cd01bc2b7f477773c49bbd2254e8ec61118b865fb98abcc832a3f9af The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Directory Traversal
@mastra/mcp-docs-server is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs in the directory suggestion logic, which allows an attacker to bypass path traversal checks and list the contents of arbitrary directories on the user’s filesystem...
Exposure of Information Through Directory Listing
Overview @mastra/mcp-docs-server is a MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing via the execute function. An attacker can access sensitive directory listings by...
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...