mcp-neo4j-cypher
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mcp-neo4j-cypher
- CVE-2025-10193 | HIGH | CVSS 7.4 | EG 0.0 | ✓ Fixed in 0.4.0 | 2025-09-11
vulnerable: 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.3.1
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user…
- CVE-2026-35402 | LOW | CVSS 2.3 | EG 2.3 | ✓ Fixed in 0.6.0 | 2026-04-17
vulnerable: 0.1.1 ... 0.5.3 (14 versions)
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operatio…