MCP Server CVE Exposure Mapping and Public API Released

MCP Server Security Analysis and Public API
Security researchers have analyzed thousands of MCP (Model Context Protocol) servers to map their dependency trees against known CVEs and security advisories. When you install an MCP server, you're inheriting its entire dependency tree, which may contain vulnerabilities.
Key Findings from the Analysis
- A meaningful percentage of servers carry known vulnerabilities
- Some servers accumulate dozens or 100+ CVEs through dependencies
- Severity varies significantly - high CVE count doesn't necessarily mean high risk, and low count doesn't guarantee safety
- Dependency sprawl is common across MCP servers
- A large portion of these servers still appear on major MCP directories
Public API Details
The researchers built a public API that requires no API key: https://api.mistaike.ai/api/v1/public/cve-index
With this API, you can:
- Search by repository name or server name
- Filter results by vulnerability severity
- Sort by CVE count or recency of vulnerabilities
Important Caveats
The presence of a CVE doesn't automatically mean it's exploitable. Some vulnerabilities exist in unused code paths, while others may already be mitigated. This tool provides visibility into supply chain risk rather than labeling projects as unsafe.
Next Phase: Runtime Behavior Analysis
The researchers are now analyzing what MCP servers actually do at runtime, including network calls and external dependencies. In a subset of servers analyzed so far (~5%), they've identified a small number of behaviors that may have privacy implications, including apparent use of invisible Unicode characters consistent with response watermarking. These observations are still under review, and the team is working to separate true positives from analysis artifacts before engaging with projects directly.
📖 Read the full source: r/ClaudeAI
👀 See Also

OneCLI: Open-Source Credential Vault for AI Agents
OneCLI is an open-source gateway written in Rust that sits between AI agents and external services, injecting real credentials at request time while agents only see placeholder keys. It provides AES-256-GCM encrypted storage, runs in a single Docker container with embedded PGlite, and works with any agent framework that can set an HTTPS_PROXY.

Domain-Camouflaged Injection Attacks Evade Detectors in Multi-Agent LLM Systems
A new paper shows injection payloads tailored to domain vocabulary evade detection, dropping IDR from 93.8% to 9.7%. Multi-agent debate amplifies attacks. Llama Guard 3 detects zero payloads.

AgentSeal Security Scan Finds AI Agent Risks in Blender MCP Server
AgentSeal scanned the Blender MCP server (17k stars) and identified several security issues relevant to AI agents, including arbitrary Python execution, potential file exfiltration chains, and prompt injection patterns in tool descriptions.

820 Malicious Skills Found in OpenClaw's ClawHub Marketplace
Security researchers identified 820 skills in OpenClaw's ClawHub marketplace containing confirmed malware including keyloggers, data-exfiltration scripts, and hidden shell commands. These skills can execute code and interact with the local environment, creating supply-chain security risks.