Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/812866?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/812866?format=api", "purl": "pkg:npm/mcp-server-kubernetes@2.3.1", "type": "npm", "namespace": "", "name": "mcp-server-kubernetes", "version": "2.3.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.5.0", "latest_non_vulnerable_version": "3.7.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105511?format=api", "vulnerability_id": "VCID-5zvc-bjq2-4yem", "summary": "MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35061", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35241", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35263", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35239", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53355" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53355", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53355" }, { "reference_url": "https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9", "reference_id": "0dbd6995ccdf76ab770b58013034365b2d06c4d9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-09T13:31:32Z/" } ], "url": "https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514", "reference_id": "ab165f5a0eea917fef5dbae954506fff6f4bf514", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-09T13:31:32Z/" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514" }, { "reference_url": "https://github.com/advisories/GHSA-gjv4-ghm7-q58q", "reference_id": "GHSA-gjv4-ghm7-q58q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjv4-ghm7-q58q" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q", "reference_id": "GHSA-gjv4-ghm7-q58q", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-09T13:31:32Z/" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-gjv4-ghm7-q58q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378278?format=api", "purl": "pkg:npm/mcp-server-kubernetes@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qvnn-nya6-eyhr" }, { "vulnerability": "VCID-sc26-rtun-dba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/mcp-server-kubernetes@2.5.0" } ], "aliases": [ "CVE-2025-53355", "GHSA-gjv4-ghm7-q58q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5zvc-bjq2-4yem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95037?format=api", "vulnerability_id": "VCID-qvnn-nya6-eyhr", "summary": "MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55698", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.557", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55712", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55578", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66404" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/commit/47d3136dd272c947464524f11f47bb519814698e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/commit/47d3136dd272c947464524f11f47bb519814698e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66404", "reference_id": "CVE-2025-66404", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66404" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/commit/d091107ff92d9ffad1b3c295092f142d6578c48b", "reference_id": "d091107ff92d9ffad1b3c295092f142d6578c48b", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-03T20:52:00Z/" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/commit/d091107ff92d9ffad1b3c295092f142d6578c48b" }, { "reference_url": "https://github.com/advisories/GHSA-wvxp-jp4w-w8wg", "reference_id": "GHSA-wvxp-jp4w-w8wg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wvxp-jp4w-w8wg" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-wvxp-jp4w-w8wg", "reference_id": "GHSA-wvxp-jp4w-w8wg", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-03T20:52:00Z/" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-wvxp-jp4w-w8wg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35854?format=api", "purl": "pkg:npm/mcp-server-kubernetes@2.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-sc26-rtun-dba2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/mcp-server-kubernetes@2.9.8" } ], "aliases": [ "CVE-2025-66404", "GHSA-wvxp-jp4w-w8wg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvnn-nya6-eyhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72919?format=api", "vulnerability_id": "VCID-sc26-rtun-dba2", "summary": "mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation with user-controlled input and then naively split on spaces before being passed to spawn(). Unlike all other tools in the codebase which correctly use array-based argument passing with execFileSync(), port_forward treats every space in user-controlled fields (namespace, resourceType, resourceName, localPort, targetPort) as an argument boundary, allowing an attacker to inject arbitrary kubectl flags. This enables exposure of internal Kubernetes services to the network by injecting --address=0.0.0.0, cross-namespace targeting by injecting additional -n flags, and indirect exploitation via prompt injection against AI agents connected to the MCP server. This issue has been fixed in version 3.5.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14325", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14351", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1435", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14231", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39884" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39884", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39884" }, { "reference_url": "https://github.com/advisories/GHSA-4xqg-gf5c-ghwq", "reference_id": "GHSA-4xqg-gf5c-ghwq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xqg-gf5c-ghwq" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-4xqg-gf5c-ghwq", "reference_id": "GHSA-4xqg-gf5c-ghwq", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-15T16:04:43Z/" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-4xqg-gf5c-ghwq" }, { "reference_url": "https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.5.0", "reference_id": "v3.5.0", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-15T16:04:43Z/" } ], "url": "https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.5.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373349?format=api", "purl": "pkg:npm/mcp-server-kubernetes@3.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/mcp-server-kubernetes@3.5.0" } ], "aliases": [ "CVE-2026-39884", "GHSA-4xqg-gf5c-ghwq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sc26-rtun-dba2" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/mcp-server-kubernetes@2.3.1" }