{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359776?format=json","vulnerability_id":"VCID-ctc9-v5xx-dfg7","summary":"MCPHub has Path Traversal via Malicious MCPB Manifest Name\n**MCPB File Upload Handler** extracts a ZIP file and reads `manifest.json` from it. The `name` field in the manifest is directly concatenated into a file path (line 107) without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where `manifest.name` is set to something like `../../../etc/malicious`, causing the file to be extracted to an arbitrary location on the file system. The `cleanupOldMcpbServer` function (line 110) also uses the unsanitized name, potentially allowing deletion of arbitrary directories.\n\n## 1. Summary\n- **Vulnerability Type**: Path Traversal (CWE-22)\n- **Sink Location**: src/controllers/mcpbController.ts:107\n- **Vulnerability Description**: The `name` field from an uploaded MCPB manifest is used directly, without sanitization or normalization, to construct a file system path for directory creation and move operations, which may lead to path traversal attacks.\n\n## 2. Analysis Logic\n\n### Step 1: Inspect the identified sink (src/controllers/mcpbController.ts:106-116)\nI examined the upload handler and located the file system sink where `manifest.name` is used to build the final extraction path and write files to that path.\n\n```ts\n// src/controllers/mcpbController.ts:106-116\n// Use server name as the final extract directory for automatic version management\nconst finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`);\n\n// Clean up any existing version of this server\ncleanupOldMcpbServer(manifest.name);\nif (!fs.existsSync(finalExtractDir)) {\n  fs.mkdirSync(finalExtractDir, { recursive: true });\n}\n\n// Move the temporary directory to the final location\nfs.renameSync(tempExtractDir, finalExtractDir);\n```\n\nAnalysis: `manifest.name` is used to build `finalExtractDir`, which is then operated on by `fs.mkdirSync` and `fs.renameSync`. These are file system write/move operations, so if `name` is user-controlled and unsanitized, this is a path traversal sink. Next, I traced the origin of `manifest.name`.\n\n### Step 2: Trace the source of `manifest.name` in the upload handler (src/controllers/mcpbController.ts:83-104)\nI traced back the data flow to see how the manifest is read and validated.\n\n```ts\n// src/controllers/mcpbController.ts:83-104\nconst manifestPath = path.join(tempExtractDir, 'manifest.json');\nif (!fs.existsSync(manifestPath)) {\n  throw new Error('manifest.json not found in MCPB file');\n}\n\nconst manifestContent = fs.readFileSync(manifestPath, 'utf-8');\nconst manifest = JSON.parse(manifestContent);\n\n// Validate required fields in manifest\nif (!manifest.manifest_version) {\n  throw new Error('Invalid manifest: missing manifest_version');\n}\nif (!manifest.name) {\n  throw new Error('Invalid manifest: missing name');\n}\n```\n\nAnalysis: `manifest` is parsed directly from `manifest.json` inside the uploaded archive. The only check on `manifest.name` is that it is non‑empty; there is no sanitization, normalization, or allow‑list validation. Next, I confirmed the entry point for uploading MCPB files to verify user control.\n\n### Step 3: Trace the HTTP entry point in src/routes/index.ts:297-299\nI located the route that exposes the upload handler.\n\n```ts\n// src/routes/index.ts:297-299\n// MCPB upload routes\nrouter.post('/mcpb/upload', uploadMiddleware, uploadMcpbFile);\n```\n\nAnalysis: The `/mcpb/upload` endpoint invokes `uploadMiddleware` and `uploadMcpbFile`, so user‑supplied uploads are the source of the manifest content. Next, I verified the upload middleware behavior.\n\n### Step 4: Confirm the upload middleware (src/controllers/mcpbController.ts:8-38)\nI inspected how the uploaded file is received and stored.\n\n```ts\n// src/controllers/mcpbController.ts:8-38\nconst storage = multer.diskStorage({\n  destination: (_req, _file, cb) => {\n    const uploadDir = path.join(process.cwd(), 'data/uploads/mcpb');\n    if (!fs.existsSync(uploadDir)) {\n      fs.mkdirSync(uploadDir, { recursive: true });\n    }\n    cb(null, uploadDir);\n  },\n  filename: (_req, file, cb) => {\n    const timestamp = Date.now();\n    const originalName = path.parse(file.originalname).name;\n    cb(null, `${originalName}-${timestamp}.mcpb`);\n  },\n});\n\nconst upload = multer({\n  storage,\n  fileFilter: (_req, file, cb) => {\n    if (file.originalname.endsWith('.mcpb')) {\n      cb(null, true);\n    } else {\n      cb(new Error('Only .mcpb files are allowed'));\n    }\n  },\n  limits: {\n    fileSize: 500 * 1024 * 1024, // 500MB limit\n  },\n});\n\nexport const uploadMiddleware = upload.single('mcpbFile');\n```\n\nAnalysis: The upload middleware only checks file extension and size. It does not restrict or validate the contents of the archive or `manifest.name`. Therefore, `manifest.name` is user‑controlled input. Next, I checked whether any sanitization or normalization is applied before reaching the sink.\n\n### Step 5: Verify lack of path validation on `manifest.name` in src/controllers/mcpbController.ts:92-110\nI verified that no path sanitization occurs between parsing and usage.\n\n```ts\n// src/controllers/mcpbController.ts:92-110\nif (!manifest.name) {\n  throw new Error('Invalid manifest: missing name');\n}\n// ...\nconst finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`);\ncleanupOldMcpbServer(manifest.name);\n```\n\nAnalysis: Before using `manifest.name` to construct a file system path, there is no `path.resolve`/`realpath` check, no use of `basename()`, and no allow‑list validation. This confirms that the path is built from untrusted input without defenses.\n\n### Step 6: Examine cleanup behavior using the unsanitized name (src/controllers/mcpbController.ts:41-52)\nI verified how `cleanupOldMcpbServer` uses the same input.\n\n```ts\n// src/controllers/mcpbController.ts:41-52\nconst uploadDir = path.join(process.cwd(), 'data/uploads/mcpb');\nconst serverPattern = `server-${serverName}`;\n\nif (fs.existsSync(uploadDir)) {\n  const files = fs.readdirSync(uploadDir);\n  files.forEach((file) => {\n    if (file.startsWith(serverPattern)) {\n      const filePath = path.join(uploadDir, file);\n      if (fs.statSync(filePath).isDirectory()) {\n        fs.rmSync(filePath, { recursive: true, force: true });\n      }\n    }\n  });\n}\n```\n\nAnalysis: `serverName` is used without validation, but the deletion is limited to directories already present in `uploadDir` as returned by `readdirSync`. The main traversal risk remains in constructing the path for `finalExtractDir` and the subsequent file system operations.\n\n### Analysis Walkthrough\n- Q1: Does user‑controllable input affect the file path? → **Yes**. `manifest.name` is read from the uploaded archive’s `manifest.json` and used in `path.join(...)` to build `finalExtractDir` (src/controllers/mcpbController.ts:89-110).\n- Q2: Is the path normalized and validated against a base directory? → **No**. There is no `resolve`/`realpath` + `startsWith` check before `fs.mkdirSync`/`fs.renameSync` (src/controllers/mcpbController.ts:106-116).\n- Q3: Is `basename()`/`getName()` used to strip directory components? → **No**. `manifest.name` is used directly in a template string (src/controllers/mcpbController.ts:106-107).\n- Q4: Is there a valid allow‑list for allowed names? → **No**. Only an existence check is performed on `manifest.name` (src/controllers/mcpbController.ts:92-97).\n- Q5: Is the code in a test/demo/deprecated/generated context? → **No**. This is a production controller and route (src/controllers/mcpbController.ts:64-130, src/routes/index.ts:297-299).\n- → Reached leaf node: **True Positive**\n\n## 3. Conclusion\n**True Positive**\n\n**Key evidence:**\n- `manifest.name` flows directly into `finalExtractDir` and is used by `fs.mkdirSync` and `fs.renameSync` without sanitization (src/controllers/mcpbController.ts:106-116).\n- `manifest.name` is parsed from `manifest.json` inside an uploaded archive, with only a non‑empty check (src/controllers/mcpbController.ts:89-97).\n- The `/mcpb/upload` endpoint exposes the upload handler that processes user‑supplied archives (src/routes/index.ts:297-299).\n\n## 4. Remediation Recommendations\n- Add normalization and base directory validation before using `manifest.name` to construct `finalExtractDir` (e.g., `const resolved = path.resolve(baseDir, `server-${safeName}`); if (!resolved.startsWith(baseDir)) reject;`).\n- Use `path.basename()` to strip directory components from `manifest.name` and enforce a strict character allow‑list (alphanumeric, `_`, `-`, `.`) before use.\n- Consider rejecting any `manifest.name` that contains path separators or traversal sequences, and add unit tests for malicious traversal inputs.","aliases":[{"alias":"GHSA-p3h2-2j4p-p83g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373419?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.13"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/861819?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/861820?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/861821?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/861822?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/861823?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/861824?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/861825?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/861826?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/861827?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/861828?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/861829?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/861830?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/861831?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/861832?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/861833?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/861834?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/861835?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/861836?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.18"},{"url":"http://public2.vulnerablecode.io/api/packages/861837?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/861838?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/861839?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/861840?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.23"},{"url":"http://public2.vulnerablecode.io/api/packages/861841?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/861842?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/861843?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.26"},{"url":"http://public2.vulnerablecode.io/api/packages/861844?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/861845?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/861846?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/861847?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/861848?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/861849?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/861850?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/861851?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/861852?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/861853?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/861854?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/861855?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/861856?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/861857?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/861858?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/861859?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/861860?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/861861?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/861862?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/861863?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/861864?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/861865?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/861866?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/861867?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/861868?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/861869?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/861870?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/861871?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/861872?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/861873?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/861874?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/34086?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"},{"vulnerability":"VCID-usx6-j1jv-p3a9"},{"vulnerability":"VCID-yvc7-97ny-wkgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.10"},{"url":"http://public2.vulnerablecode.io/api/packages/861875?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/1007221?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1007222?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.13"},{"url":"http://public2.vulnerablecode.io/api/packages/1007223?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.14"},{"url":"http://public2.vulnerablecode.io/api/packages/1007224?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.15"},{"url":"http://public2.vulnerablecode.io/api/packages/1007225?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.16"},{"url":"http://public2.vulnerablecode.io/api/packages/1007226?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1007227?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1007228?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1007229?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1007230?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1007231?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1007232?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373331?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1024219?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1024220?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1024221?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1024222?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1024223?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1024224?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1024225?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1024226?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1024227?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1024228?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.10"},{"url":"http://public2.vulnerablecode.io/api/packages/1024229?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.11"},{"url":"http://public2.vulnerablecode.io/api/packages/1024230?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1024231?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.13"},{"url":"http://public2.vulnerablecode.io/api/packages/1024232?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1024233?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1024234?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1024235?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1024236?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1024237?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1024238?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1024239?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1024240?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1024241?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1024242?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.10"},{"url":"http://public2.vulnerablecode.io/api/packages/1024243?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.11"},{"url":"http://public2.vulnerablecode.io/api/packages/1024244?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.12"}],"references":[{"reference_url":"https://github.com/samanhappy/mcphub/commit/af5b013c09bb0add6b7ad9aaa5b875cf150d2a7c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samanhappy/mcphub/commit/af5b013c09bb0add6b7ad9aaa5b875cf150d2a7c"},{"reference_url":"https://github.com/samanhappy/mcphub/security/advisories/GHSA-p3h2-2j4p-p83g","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samanhappy/mcphub/security/advisories/GHSA-p3h2-2j4p-p83g"},{"reference_url":"https://github.com/advisories/GHSA-p3h2-2j4p-p83g","reference_id":"GHSA-p3h2-2j4p-p83g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3h2-2j4p-p83g"}],"weaknesses":[{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctc9-v5xx-dfg7"}