mcp-markdownify-server

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting mcp-markdownify-serverpage 1 of 1

CVE-2025-5273MEDIUMCVSS 6.5EG 6.5
2025-05-29
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to r…
CVE-2025-5276HIGHCVSS 7.4EG 7.4
2025-05-29
All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markd…
CVE-2025-58358HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.2
2025-09-04
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exe…

Check whether mcp-markdownify-server is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mcp-markdownify-server CVEs against the assets you own.

Start Free Scan →