security
Security
Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.
45 CRITICAL
3647 HIGH
531 MEDIUM
1205 LOW
11 NONE
Risk: servers ranked by their composite exposure score — synthesised from CVEs, inferred permissions, drift, supply-chain and abandonment signals. Heuristic and banded; a high grade is a 'review this' signal, never a verdict.
A fix already ships upstream but the server still runs an older, vulnerable version — remediation lag, actionable today.
- @frontmcp/adapters HIGH CVE-2026-39885 1.4.1 → 2.3.0
- @frontmcp/sdk HIGH CVE-2026-39885 1.4.1 → 2.3.0
- 16 D pvliesdonk/markdown-vault-mcp 76
- 17 D frsorrentino/chrome-bridge 73
- 18 D @diskd-ai/email-mcp 72
- 19 D aiwg 72
- 20 D alibabacloud-devops-mcp-server 72
- 21 D juspay/neurolink 72
- 22 D warunacds/apple-asc-mcp 72
- 23 D @mcp-guardian/server 71
- 24 D IgorGanapolsky/mcp-memory-gateway 71
- 25 D fxspeiser/crosscheck-agent 71
- 26 D gitnexus 71
- 27 D pulsemcp/mcp-servers 71
- 28 D kadam-official/mcp-server 70
- 29 D mcp-server-kubernetes 70
- 30 D AvivAvital2/Ariadne 69