npm
@samanhappy/mcphub
5 known vulnerabilities · 0 critical · 0 high
MCPHub has an Improper Authorization vulnerability via its handleSseConnection function
Published Oct 5, 2025
GHSA-wf8q-wvv8-p8jf
@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation
Published May 14, 2026
GHSA-p3h2-2j4p-p83g
MCPHub has Path Traversal via Malicious MCPB Manifest Name
Published Apr 22, 2026
GHSA-9vq7-9h42-j88h
MCPHub has an authentication bypass
Published Apr 14, 2026
Check your entire dependency tree at onceRun dependency scan →