Comprehensive vulnerability database for Model Context Protocol servers and implementations. Tracks CVEs, security advisories, and community-reported vulnerabilities with detailed impact assessments, remediation guidance, and disclosure timelines.

ModelContextProtocol-Security/vulnerability-db

Vulnerability Database (vulnerability-db)

Comprehensive vulnerability database for Model Context Protocol servers and implementations. Tracks CVEs, OSVs, GitHub Security Advisories (GHSA), and community-reported vulnerabilities with detailed impact assessments, remediation guidance, and disclosure timelines.

Overview

The Vulnerability Database is a transparent, community-driven repository of security vulnerabilities found in MCP servers and related implementations. Unlike traditional vulnerability databases that often provide only basic descriptions, this database emphasizes complete transparency in vulnerability discovery, reproduction, and validation processes.

Every vulnerability entry must provide sufficient detail for independent verification, reproduction, and detection in other software. This includes the methodology used to discover the vulnerability, the specific conditions required for exploitation, and comprehensive evidence supporting the finding. This transparency enables the community to validate findings, develop detection techniques, and apply the knowledge to identify similar vulnerabilities in other MCP servers.

Core Principles

Transparency and Reproducibility

  • Discovery Methodology: Complete documentation of how the vulnerability was found
  • Reproduction Steps: Detailed steps to reproduce the vulnerability in the affected software
  • Evidence Provision: Comprehensive evidence including code snippets, logs, and proof-of-concept demonstrations
  • Environmental Requirements: Specific conditions, versions, and configurations required for exploitation

Knowledge Transfer

  • Pattern Recognition: Documentation that enables detection of similar vulnerabilities in other software
  • Technique Sharing: Sharing of vulnerability research methodologies and approaches
  • Root Cause Analysis: Deep analysis of underlying causes to prevent similar issues
  • Detection Automation: Information structured to enable automated vulnerability detection

Validation and Verification

  • Independent Verification: All vulnerabilities must be verifiable by independent researchers
  • Fix Validation: Tracking of remediation efforts and verification of fixes
  • False Positive Prevention: Rigorous validation processes to prevent false vulnerability reports
  • Continuous Monitoring: Ongoing tracking of vulnerability status and fix effectiveness

Vulnerability Entry Requirements

Mandatory Components

1. Vulnerability Overview

  • Unique Identifier: Internal tracking ID and any assigned CVE, OSV, or GHSA numbers
  • Affected Software: Name, version range, repository URL, and specific commits affected
  • Vulnerability Description: Clear description of the security issue

2. Reproduction Information

  • Reproduction Steps: Basic steps to reproduce the vulnerability
  • Evidence: Minimal evidence demonstrating the vulnerability exists

Optional Components

3. Extended Technical Details

  • Discovery Method: How the vulnerability was found
  • Root Cause Analysis: Technical analysis of underlying causes
  • Exploitation Conditions: Specific conditions required for exploitation
  • Attack Vectors: Methods to exploit the vulnerability

4. Additional Evidence

  • Code Analysis: Relevant code snippets showing the vulnerability
  • Proof-of-Concept: Working demonstrations of the vulnerability
  • Test Results: Additional evidence from testing

5. Remediation Information

  • Fix Analysis: Analysis of patches or fixes applied
  • Workaround Solutions: Temporary mitigations available
  • Fix Validation: Evidence that fixes address the issue

6. Metadata

  • Severity Assessment: Impact and exploitability ratings if available
  • Discovery Date: When the vulnerability was identified (if known)
  • Disclosure Timeline: Public disclosure information (if applicable)

Vulnerability Classification and Severity

Vulnerability Taxonomy Development

Part of this project involves creating a comprehensive taxonomy of MCP-specific vulnerabilities and security issues. This taxonomy will be developed collaboratively as we gather more vulnerability data and understand the unique security challenges of the MCP ecosystem.

Vulnerability Severity Assessment

When severity assessments are available, they may use existing frameworks such as CVSSv2 and others. However, current vulnerability severity classification systems may not work well for AI-specific vulnerabilities, and we may need to develop new assessment frameworks tailored to the unique risks and impacts of MCP and AI system vulnerabilities.

Repository Structure

The vulnerability database uses a time-based directory structure with standardized file naming:

vulnerability-db/
├── advisories/
│   ├── 2025/
│   │   ├── 01/
│   │   │   ├── 15/
│   │   │   │   ├── MCPS-01939a4c-8000-7000-8000-123456789abc-osv.json
│   │   │   │   └── MCPS-01939b2d-8001-7000-8000-987654321def-osv.json
│   │   │   └── 16/
│   │   └── 02/
│   └── 2024/
├── schemas/
│   └── osv.json
└── README.md

Directory Structure

  • advisories/: Root directory for all vulnerability advisories
  • YYYY/MM/DD/: Date-based organization by year/month/day
  • schemas/: JSON schema files for validation

File Naming Convention

  • Format: MCPS-{UUID}-{format}.json
  • MCPS: Model Context Protocol Security project prefix
  • UUID: UUID v7 (time-ordered, sortable)
  • Format: Currently osv (Open Source Vulnerability format)
  • Example: MCPS-01939a4c-8000-7000-8000-123456789abc-osv.json
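
A path and identifier check for the layout and naming convention described above, as an added example (not code from this repository; `check_advisory_path` and the other names are hypothetical). It covers only the MCPS-{UUID}-{format}.json form and decodes the millisecond timestamp that makes a UUID v7 sortable.

```python
import re
import uuid
from datetime import date, datetime, timedelta, timezone
from pathlib import PurePosixPath

SUPPORTED_FORMATS = {"osv"}  # the only format suffix the README lists
NAME_RE = re.compile(
    r"MCPS-(?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"-(?P<fmt>[a-z0-9]+)\.json"
)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def check_advisory_path(path):
    """Return (uuid, uuid_time_utc, directory_date); raise ValueError if the
    path does not follow advisories/YYYY/MM/DD/MCPS-{UUID}-{format}.json."""
    parts = PurePosixPath(path).parts
    # Exactly five components: rejects absolute paths, "../" prefixes, nesting.
    if len(parts) != 5 or parts[0] != "advisories":
        raise ValueError("expected advisories/YYYY/MM/DD/<file>")
    yyyy, mm, dd, name = parts[1:]
    if not re.fullmatch(r"[0-9]{4}/[0-9]{2}/[0-9]{2}", f"{yyyy}/{mm}/{dd}"):
        raise ValueError("directory must be zero-padded YYYY/MM/DD")
    dir_date = date(int(yyyy), int(mm), int(dd))  # ValueError on 2025/02/30

    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError("file name is not MCPS-{UUID}-{format}.json")
    if m["fmt"] not in SUPPORTED_FORMATS:
        raise ValueError(f"unsupported format suffix: {m['fmt']}")

    u = uuid.UUID(m["uuid"])
    if u.variant != uuid.RFC_4122 or u.version != 7:
        raise ValueError("identifier is not a UUID v7")
    # UUID v7 layout: the top 48 of 128 bits are Unix time in milliseconds.
    uuid_time = EPOCH + timedelta(milliseconds=u.int >> 80)
    # The README does not say the UUID time must equal the directory date,
    # so both are returned and no comparison is made here.
    return u, uuid_time, dir_date


# Sample path copied from the README's repository tree.
SAMPLE = "advisories/2025/01/15/MCPS-01939a4c-8000-7000-8000-123456789abc-osv.json"

if __name__ == "__main__":
    u, uuid_time, dir_date = check_advisory_path(SAMPLE)
    print(u, uuid_time.isoformat(), dir_date.isoformat())
```
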

Supported Formats

  • osv: Open Source Vulnerability format (OSV schema) - Current format

The format suffix is maintained for future extensibility to support additional vulnerability formats if needed.

Schema Validation

All advisory files must conform to the OSV JSON schema:

  • OSV files validated against official OSV schema
  • Validation occurs automatically via CI/CD pipeline
  • Schema file stored in schemas/osv.json

Quality Standards

Quality Goals

The following represent our quality goals and aspirations for vulnerability entries. These are what we strive to work towards, not strict requirements for submission.

Vulnerability Quality Aspirations

Technical Accuracy

  • Verified Findings: Ideally, vulnerabilities would be independently verified and tested
  • Reproduction Validation: Optimally, reproduction steps would be validated by multiple parties
  • False Positive Prevention: Goal to develop rigorous validation processes to prevent incorrect vulnerability reports
  • Technical Depth: Aspiration for sufficient technical detail to understand and address vulnerabilities

Completeness

  • Comprehensive Documentation: Goal for all relevant components to be present and complete
  • Evidence Provision: Aspiration for sufficient evidence to support claims and findings
  • Methodology Transparency: Ideal of complete disclosure of discovery and validation processes
  • Fix Tracking: Goal of comprehensive tracking of remediation efforts and verification

Community Value

  • Knowledge Transfer: Aspiration for information structured to enable learning and pattern recognition
  • Practical Utility: Goal for findings that provide actionable information for security improvement
  • Pattern Recognition: Ideal of documentation that enables detection of similar issues elsewhere
  • Prevention Guidance: Aspiration for information that helps prevent similar vulnerabilities in future development

Validation Process

Submission Validation

  1. Technical Review: Verification of technical accuracy and reproduction steps
  2. Independent Verification: Confirmation by independent researchers when possible
  3. Evidence Validation: Review of supporting evidence and proof-of-concept demonstrations
  4. Community Review: Open review period for community feedback and validation

Ongoing Maintenance

  • Fix Tracking: Continuous monitoring of remediation efforts and fix effectiveness
  • Status Updates: Regular updates on vulnerability status and remediation progress
  • Regression Monitoring: Ongoing verification that fixes remain effective
  • Community Feedback: Incorporation of community feedback and additional findings

Process Improvement and Tool Integration

Vulnerability Research Evolution

As the community contributes vulnerabilities and develops better detection techniques, these improvements must be integrated back into the broader ecosystem:

  • mcpserver-audit Integration: Successful vulnerability detection methodologies should be incorporated into the audit tool's scanning capabilities
  • Pattern Recognition: Vulnerability patterns and signatures should be systematized for automated detection
  • Tool Enhancement: Detection techniques that prove effective should be integrated into security tooling
  • Research Advancement: The vulnerability database serves as a foundation for advancing MCP security research

This ensures that manual vulnerability research continuously improves automated detection capabilities, creating a comprehensive security intelligence system.

Community Participation

Contribution Guidelines

For Vulnerability Researchers

  • Responsible Disclosure: Follow responsible disclosure practices and coordination timelines
  • Thorough Documentation: Provide comprehensive documentation enabling reproduction and validation
  • Community Engagement: Respond to community questions and validation efforts
  • Pattern Sharing: Document patterns and techniques that could help find similar issues

For Validators

  • Independent Verification: Attempt to reproduce and validate reported vulnerabilities
  • Constructive Feedback: Provide specific, actionable feedback on vulnerability reports
  • Pattern Recognition: Identify connections to other vulnerabilities and security issues
  • Quality Improvement: Contribute to improving vulnerability reporting standards

Recognition and Incentives

Contributor Recognition

  • Research Quality: Recognition for high-quality, well-documented vulnerability research
  • Community Impact: Acknowledgment of vulnerabilities that significantly improve MCP security
  • Methodology Innovation: Recognition for innovative vulnerability discovery techniques
  • Responsible Disclosure: Acknowledgment of proper disclosure and coordination practices

Community Benefits

  • Shared Intelligence: Community benefits from shared vulnerability intelligence and patterns
  • Improved Security: Better security outcomes through transparent vulnerability research
  • Knowledge Advancement: Advancement of MCP security research and detection capabilities
  • Prevention Focus: Emphasis on preventing similar vulnerabilities in future development

Integration with Ecosystem

Input Sources

  • audit-db: Vulnerabilities discovered during comprehensive audits
  • Independent Research: Direct vulnerability research and security analysis
  • Community Reports: Vulnerability reports from users and security researchers
  • Automated Detection: Vulnerabilities found through automated scanning and analysis

Output Destinations

  • mcpserver-audit: Vulnerability intelligence to improve audit tool detection capabilities
  • mcpserver-finder: Security risk information to inform server recommendations
  • Vulnerability Tracking Systems: Informing CVE, OSV, and GitHub Security Advisory (GHSA) databases
  • Security Advisories: Information for security advisory creation and distribution

Usage and Access

Public Access

  • Open Repository: Full vulnerability database is publicly accessible
  • Search Capabilities: Comprehensive search across vulnerabilities, patterns, and evidence
  • API Access: Programmatic access for security tool integration and analysis
  • Intelligence Feeds: Structured feeds for security tools and monitoring systems

Integration Support

  • Detection Integration: APIs for integrating vulnerability intelligence into security tools
  • Automated Monitoring: Support for automated vulnerability monitoring and alerting
  • Pattern Matching: Structured data for automated pattern recognition and detection
  • Research Support: Data access for academic research and security analysis

CLI Tools

Installation

Install the required dependencies:

pip install -r requirements.txt

MCPS Advisory CLI

The scripts/mcps-advisory.py tool provides commands for creating, validating, and managing MCPS vulnerability advisories.

Commands

Create a new advisory:

./scripts/mcps-advisory.py create [OPTIONS]

Options:

  • --id ID: Specify advisory ID (auto-generated OSV-MCPS-YYYY-XXXXXXXX format if not provided)
  • --summary TEXT: Advisory summary
  • --details TEXT: Detailed description
  • --date YYYY-MM-DD: Advisory date (defaults to current date)

Validate an advisory:

./scripts/mcps-advisory.py validate FILE

List existing advisories:

./scripts/mcps-advisory.py list [--verbose]

Usage Examples

# Create a new advisory with basic information
./scripts/mcps-advisory.py create --summary "XSS vulnerability in MCP server" --details "Cross-site scripting vulnerability found in request handling"

# Create advisory with specific ID and date
./scripts/mcps-advisory.py create --id "OSV-MCPS-2025-ABC12345" --date "2025-01-15"

# Validate an existing advisory
./scripts/mcps-advisory.py validate advisories/2025/01/15/OSV-MCPS-2025-ABC12345-osv.json

# List all advisories
./scripts/mcps-advisory.py list

# List with full file paths
./scripts/mcps-advisory.py list --verbose

File Output

The CLI automatically:

  • Generates MCPS identifiers in OSV-compliant format (OSV-MCPS-YYYY-XXXXXXXX)
  • Creates proper directory structure (advisories/YYYY/MM/DD/)
  • Names files using format: {ID}-osv.json
  • Validates against OSV schema
  • Includes MCPS-specific metadata fields

Contributing

We welcome contributions from the security research community, including:

  • Vulnerability Reports: Well-documented vulnerability findings with complete reproduction steps
  • Detection Techniques: Improved methods for identifying and validating vulnerabilities
  • Pattern Documentation: Analysis of vulnerability patterns and detection signatures
  • Tool Development: Security tools that enhance vulnerability detection and validation
  • Research Collaboration: Academic research and analysis of MCP security vulnerabilities

Getting Started

  1. Review Standards: Familiarize yourself with vulnerability reporting standards
  2. Responsible Disclosure: Follow proper disclosure practices and coordination
  3. Document Thoroughly: Use comprehensive documentation for all findings
  4. Engage Community: Participate in community validation and feedback processes
  5. Share Knowledge: Contribute to improving community vulnerability detection capabilities

Get Involved

Join our community: GitHub Discussions, Slack #mcp channel, Contribute on GitHub


Part of the Model Context Protocol Security initiative - A Cloud Security Alliance community project.
