Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

@samanhappy/mcphub

View on npm registry
5 Total advisories
5 Vulnerabilities
0 Malware

Vulnerabilities

CRITICAL 9.1
npm

GHSA-wf8q-wvv8-p8jf

@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation
UNKNOWN
npm

GHSA-p3h2-2j4p-p83g

MCPHub has Path Traversal via Malicious MCPB Manifest Name
UNKNOWN
npm

CVE-2025-13822

MCPHub has an authentication bypass
UNKNOWN
npm

CVE-2025-11287

MCPHub has an Improper Authorization vulnerability via its handleSseConnection function
UNKNOWN
npm

CVE-2025-11285

MCPHub's ServerController is vulnerable to Command Injection

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes