pkg:npm/@modelcontextprotocol/sdk
3 total CVEsHIGH1
✅ Check your installed version
All known vulnerabilities
HIGH7.1CVE-2026-25536@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse >= 1.10.0, < 1.26.0
—CVE-2026-0621Anthropic's MCP TypeScript SDK has a ReDoS vulnerability from 0, < 1.25.2
—CVE-2025-66414Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default from 0, < 1.24.0