{"url":"http://public2.vulnerablecode.io/api/packages/983033?format=json","purl":"pkg:npm/hyperterse@2.1.0","type":"npm","namespace":"","name":"hyperterse","version":"2.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.0","latest_non_vulnerable_version":"2.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50895?format=json","vulnerability_id":"VCID-qdeq-twnp-j3gm","summary":"Hyperterse: Raw exposure of database statements in MCP search tool\nHyperterse allows users to specify database queries for tools to execute under the hood. As of [v2.0.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.0.0), there are only two tools exposed - `search` and `execute`.\n\nThe `search` tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly.\n\nThis issue has been fixed as of [v2.2.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0) and relevant tests to catch these have been added.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31841","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13717","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13624","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13591","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13678","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31841"},{"reference_url":"https://github.com/hyperterse/hyperterse","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hyperterse/hyperterse"},{"reference_url":"https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T17:50:05Z/"}],"url":"https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31841","reference_id":"CVE-2026-31841","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31841"},{"reference_url":"https://github.com/advisories/GHSA-92gp-jfgx-9qpv","reference_id":"GHSA-92gp-jfgx-9qpv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92gp-jfgx-9qpv"},{"reference_url":"https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv","reference_id":"GHSA-92gp-jfgx-9qpv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T17:50:05Z/"}],"url":"https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74858?format=json","purl":"pkg:npm/hyperterse@2.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hyperterse@2.2.0"}],"aliases":["CVE-2026-31841","GHSA-92gp-jfgx-9qpv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdeq-twnp-j3gm"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/hyperterse@2.1.0"}