npm
@penpot/mcp
1 known vulnerability · 0 critical · 0 high
GHSA-22qr-rp27-j9wm
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE
Published May 19, 2026
Check your entire dependency tree at onceRun dependency scan →