pkg:Go/github.com/modelcontextprotocol/registry
6 total CVEs: MEDIUM 3, LOW 2
All known vulnerabilities
MEDIUM 5.4 | CVE-2026-44429 | MCP Registry vulnerable to stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl` | from 0, < 1.7.7
MEDIUM 4.7 | CVE-2026-44428 | MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience | from 0, < 1.7.6
MEDIUM 4.0 | CVE-2026-44430 | MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | from 0, < 1.7.7
LOW 3.5 | MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry | from 0, < 1.7.9
LOW 3.5 | MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry | from 0, < 1.7.9
— | MCP Registry has open redirect via protocol-relative path in trailing-slash middleware | >= 1.1.0, < 1.7.5