mcp-server-git
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mcp-server-git
- CVE-2025-68143 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2025.9.25 | 2025-12-17
vulnerable: 0.2.0 ... 2025.7.1 (11 versions)
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git reposito…
- CVE-2025-68144 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2025.12.18 | 2025-12-17
vulnerable: 0.2.0 ... 2025.9.25 (13 versions)
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) wo…
- CVE-2025-68145 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 2025.12.18 | 2025-12-17
vulnerable: 0.2.0 ... 2025.9.25 (13 versions)
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually…
- CVE-2026-27735 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2026.1.14 | 2026-02-26
vulnerable: 0.2.0 ... 2025.9.25 (14 versions)
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argume…