mcp-run-python
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mcp-run-python
- CVE-2026-25904 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-02-09
vulnerable: 0.0.1, 0.0.2, 0.0.20, 0.0.21, 0.0.22
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-pytho…
- CVE-2026-25905 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-02-09
vulnerable: 0.0.1, 0.0.2, 0.0.20, 0.0.21, 0.0.22
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP serv…