Lookup for vulnerable packages by Package URL.

Purl pkg:npm/mcp-fetch-server@1.0.2
Type npm
Namespace
Name mcp-fetch-server
Version 1.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-d3jt-bfz9-gygx
vulnerability_id VCID-d3jt-bfz9-gygx
summary
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and earlier is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources.
references
0
reference_url https://github.com/zcaceres/fetch-mcp
reference_id
reference_type
scores
url https://github.com/zcaceres/fetch-mcp
1
reference_url https://github.com/zcaceres/fetch-mcp/blob/c662c8ac300f715e414a64766cd95cc9ec60a1b3/src/Fetcher.ts#L20
reference_id
reference_type
scores
url https://github.com/zcaceres/fetch-mcp/blob/c662c8ac300f715e414a64766cd95cc9ec60a1b3/src/Fetcher.ts#L20
2
reference_url https://thorn-pheasant-6d8.notion.site/fetch-mcp-2853daf7b44180029ca5d56e03195736
reference_id
reference_type
scores
url https://thorn-pheasant-6d8.notion.site/fetch-mcp-2853daf7b44180029ca5d56e03195736
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65513
reference_id CVE-2025-65513
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-65513
4
reference_url https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-65513.md
reference_id CVE-2025-65513.MD
reference_type
scores
url https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-65513.md
5
reference_url https://github.com/advisories/GHSA-8fxj-2g9q-8fjw
reference_id GHSA-8fxj-2g9q-8fjw
reference_type
scores
url https://github.com/advisories/GHSA-8fxj-2g9q-8fjw
fixed_packages
aliases CVE-2025-65513, GHSA-8fxj-2g9q-8fjw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3jt-bfz9-gygx
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mcp-fetch-server@1.0.2