@modelcontextprotocol/sdk

3 known vulnerabilities · 0 critical · 0 high

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Published Jan 5, 2026

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Published Feb 4, 2026

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

Published Dec 2, 2025

Check your entire dependency tree at onceRun dependency scan →