Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/modelcontextprotocol/registry

View on go registry
6 Total advisories
6 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-45781

MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry
LOW 3.5
Go

CVE-2026-45781

MCP Registry: OCI validator skips ownership check on upstream rate limits
UNKNOWN
Go

CVE-2026-44427

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
MEDIUM 5.4
Go

CVE-2026-44429

MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
MEDIUM 4.0
Go

CVE-2026-44430

MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist
MEDIUM 4.7
Go

CVE-2026-44428

MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes