security
Security
Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.
45 CRITICAL
3647 HIGH
531 MEDIUM
1205 LOW
11 NONE
Risk: servers ranked by their composite exposure score — synthesised from CVEs, inferred permissions, drift, supply-chain and abandonment signals. Heuristic and banded; a high grade is a 'review this' signal, never a verdict.
A fix already ships upstream but the server still runs an older, vulnerable version — remediation lag, actionable today.
- @frontmcp/adapters HIGH CVE-2026-39885 1.4.1 → 2.3.0
- @frontmcp/sdk HIGH CVE-2026-39885 1.4.1 → 2.3.0
- 1 B 9ninety/mcpnotes 34
- 2 B @aisuite/chub 34
- 3 B @atlisp/mcp 34
- 4 B @hubspot/mcp-server 34
- 5 B @sellable/mcp 34
- 6 B @skanda-yutori/mcp-send-email 34
- 7 B @wcag-checkr/mcp 34
- 8 B @xrpl-utilities/mcp 34
- 9 B Christianye/postline 34
- 10 B Custodia-Admin/pagebolt-mcp 34
- 11 B Driftya/code-meridian 34
- 12 B EOX-A/EOxElements 34
- 13 B Gammell53/clawwork-mcp 34
- 14 B IIQ-Community/mcp-incidentiq 34
- 15 B KultMember6Banger/kloakt 34