pkg:Go/github.com/modelcontextprotocol/registry

6 total CVEsMEDIUM3LOW2

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.4CVE-2026-44429MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
    from 0, < 1.7.7
  • MEDIUM4.7CVE-2026-44428MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience
    from 0, < 1.7.6
  • MEDIUM4.0CVE-2026-44430MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist
    from 0, < 1.7.7
  • LOW3.5CVE-2026-45781MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry
    from 0, < 1.7.9
  • LOW3.5CVE-2026-45781MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry
    from 0, < 1.7.9
  • CVE-2026-44427MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
    >= 1.1.0, < 1.7.5