ID	Title	Target	Severity	Status	Date
ASF-2026-1963	Insecure File Storage of OAuth Tokens	mcp-gsuite	medium	reported	7d ago
ASF-2026-1960	OAuth2 State Parameter Validation Missing	mcp-gsuite	high	reported	7d ago
ASF-2026-1961	Sensitive Data Exposure in Logs	mcp-gsuite	high	reported	7d ago
ASF-2026-0900	Full process.env forwarded to child processes	xcodebuildmcp	low	reported	12d ago
ASF-2026-0899	Broad file system read/write access	xcodebuildmcp	low	reported	12d ago
ASF-2026-0898	Shell command execution via child_process	xcodebuildmcp	low	reported	12d ago
ASF-2026-0897	Sentry telemetry enabled by default	xcodebuildmcp	low	reported	12d ago
ASF-2026-0875	Database password logged in plaintext via println	tabularis	medium	reported	16d ago
ASF-2026-0876	SSH host key verification unconditionally disabled	tabularis	medium	reported	16d ago
ASF-2026-0874	Permissive CORS allows any origin to access session server API	pctx	medium	reported	16d ago
ASF-2026-0873	Opt-in flag allows absolute attachment paths outside project	mcp-agent-mail-rust	low	reported	16d ago
ASF-2026-0872	SHA1 used for attachment content addressing	mcp-agent-mail-rust	low	reported	16d ago
ASF-2026-0871	Path allowlist uses string prefix check vulnerable to sibling directory bypass	mcp-workspace-server	medium	reported	16d ago
ASF-2026-0870	Silent fallback disables network isolation for executed code	mcp-workspace-server	medium	reported	16d ago
ASF-2026-0869	API secret key exposed in unauthenticated HTTP endpoints	finance-trading-ai-agents-mcp	medium	reported	16d ago
ASF-2026-0868	API credentials logged at INFO level during initialization	polymarket-mcp-server	medium	reported	16d ago
ASF-2026-0853	SQL identifier interpolated via f-string in get_table_schema	awslabs-mcp	medium	reported	16d ago
ASF-2026-0852	Unpinned npx -y package execution in MCP config	apple-docs-mcp	medium	reported	16d ago
ASF-2026-0847	Path traversal allows reading arbitrary files via read_file tool	damn-vulnerable-mcp-server	high	reported	16d ago
ASF-2026-0844	Arbitrary shell and Python code execution without sandboxing	damn-vulnerable-mcp-server	critical	reported	16d ago
ASF-2026-0845	Shell injection via unsanitized host parameter in network tools	damn-vulnerable-mcp-server	critical	reported	16d ago
ASF-2026-0846	Tool poisoning via hidden LLM instructions in tool descriptions	damn-vulnerable-mcp-server	high	reported	16d ago
ASF-2026-0848	Authentication tokens leaked in error messages and status responses	damn-vulnerable-mcp-server	high	reported	16d ago
ASF-2026-0849	Unsafe eval() on user-controlled mathematical expressions	damn-vulnerable-mcp-server	high	reported	16d ago
ASF-2026-0850	Dynamic tool description mutation enables rug pull attack	damn-vulnerable-mcp-server	medium	reported	16d ago
ASF-2026-0851	Multi-vector attack combining tool poisoning, credential exposure, and file read	damn-vulnerable-mcp-server	high	reported	16d ago
ASF-2026-0842	Browser sandbox and web security disabled for automation	web-eval-agent	low	reported	16d ago
ASF-2026-0843	Hardcoded Flask SECRET_KEY on local dashboard server	web-eval-agent	low	reported	16d ago
ASF-2026-0841	Function execution input logged at INFO level may contain sensitive user data	aci	low	reported	16d ago
ASF-2026-0840	Sentry send_default_pii sends API keys and session data to third party	aci	medium	reported	16d ago
ASF-2026-0839	PowerShell injection via unsanitized Notification tool parameters	windows-mcp	medium	reported	16d ago
ASF-2026-0838	YAML FullLoader used instead of SafeLoader for config parsing	mcp-scan	medium	reported	16d ago
ASF-2026-0836	Undisclosed telemetry sends usage data to PostHog	mobile-mcp	medium	reported	16d ago
ASF-2026-0834	Wildcard CORS with credentials enabled on streamable-HTTP transport	jupyter-mcp-server	medium	reported	16d ago
ASF-2026-0835	XSRF protection disabled on MCP SSE handler	jupyter-mcp-server	low	reported	16d ago
ASF-2026-0833	Resource handler allows arbitrary file read via absolute paths	elevenlabs-mcp	medium	reported	16d ago
ASF-2026-0832	No SQL operation allowlist on execute_sql tool	mysql-mcp-server	low	reported	16d ago
ASF-2026-0831	Unescaped table name interpolation in read_resource	mysql-mcp-server	medium	reported	16d ago
ASF-2026-0830	OAUTHLIB_INSECURE_TRANSPORT set unconditionally in auth callback	google-workspace-mcp	medium	reported	16d ago
ASF-2026-0829	Unrestricted local file read via file:// URL in Drive upload tools	google-workspace-mcp	medium	reported	16d ago
ASF-2026-0828	No path restriction on file operation tools	office-word-mcp-server	medium	reported	16d ago
ASF-2026-0827	No path restriction on attachment download target directory	mcp-atlassian	medium	reported	16d ago
ASF-2026-0826	SSL verification bypass with legacy renegotiation enabled	mcp-atlassian	medium	reported	16d ago
ASF-2026-0825	LLM instruction injection in tool response output	notebooklm-mcp	low	reported	16d ago
ASF-2026-0824	No SSRF protection against internal network access	fetcher-mcp	medium	reported	16d ago
ASF-2026-0802	Unsanitized file path in file upload allows arbitrary file reads	notion-mcp-server	medium	reported	16d ago
ASF-2026-0801	Unsanitized file path in create-ui tool enables arbitrary directory git operations	21st-dev-magic-mcp	medium	reported	16d ago
ASF-2026-0800	Unsanitized file path in refine-ui tool allows arbitrary file read and external transmission	21st-dev-magic-mcp	medium	reported	16d ago
ASF-2026-0797	LLM prompt injection via tool response for onboarding	desktop-commander	medium	reported	16d ago

Audit History (50)

Package	Risk Score	Result	Max Severity	Findings	Date
mcp-gsuite	35	caution	high	3	7d ago
mcp-gsuite	30	caution	high	2	7d ago
agentaudit-skill	0	safe	none	0	11d ago
fastmcp	5	caution	medium	0	11d ago
servers	0	safe	none	0	11d ago
tabularis	0	safe	none	0	11d ago
xcodebuildmcp	4	safe	low	4	12d ago
desktop-commander	15	caution	—	5	12d ago
tabularis	10	safe	—	2	16d ago
bouvet	0	safe	—	0	16d ago
kindly-web-search-mcp-server	0	safe	—	0	16d ago
modular-rag-mcp-server	0	safe	—	0	16d ago
terminal-mcp	0	safe	—	0	16d ago
pctx	5	safe	—	1	16d ago
mcp-agent-mail-rust	1	safe	—	2	16d ago
vestige	0	safe	—	0	16d ago
cloudflare-mcp	0	safe	—	0	16d ago
microsoft-work-iq-mcp	0	safe	—	0	16d ago
mcp-workspace-server	10	safe	—	2	16d ago
finance-trading-ai-agents-mcp	5	safe	—	1	16d ago
polymarket-mcp-server	5	safe	—	1	16d ago
mcp-server-code-execution-mode	0	safe	—	0	16d ago
agent-council	0	safe	—	0	16d ago
microsoft-ads-mcp	0	safe	—	0	16d ago
awslabs-mcp	5	safe	—	1	16d ago
apple-docs-mcp	5	safe	—	1	16d ago
damn-vulnerable-mcp-server	35	caution	—	8	16d ago
glin-profanity-mcp	0	safe	—	0	16d ago
web-eval-agent	1	safe	—	2	16d ago
aci	6	safe	—	2	16d ago
unla	0	safe	—	0	16d ago
windows-mcp	5	safe	—	1	16d ago
mcp-server-chatsum	0	safe	—	0	16d ago
mcp-cli	0	safe	—	0	16d ago
fastapi-mcp	0	safe	—	0	16d ago
mcp-agent	15	safe	—	0	16d ago
mcp-scan	5	safe	—	1	16d ago
unity-mcp	0	safe	—	0	16d ago
executeautomation-mcp-playwright	0	safe	—	0	16d ago
mobile-mcp	5	safe	—	1	16d ago
kubectl-mcp-server	0	safe	—	0	16d ago
jupyter-mcp-server	6	safe	—	2	16d ago
elevenlabs-mcp	5	safe	—	1	16d ago
linkedin-mcp-server	0	safe	—	0	16d ago
ros-mcp-server	0	safe	—	0	16d ago
mysql-mcp-server	5	safe	—	2	16d ago
google-workspace-mcp	10	safe	—	2	16d ago
office-word-mcp-server	5	safe	—	1	16d ago
mcp-server-qdrant	0	safe	—	0	16d ago
office-powerpoint-mcp-server	0	safe	—	0	16d ago