Known Vulnerabilities for Mcp Registry by Lfprojects
Listed below are 3 of the newest known vulnerabilities associated with "Mcp Registry" by "Lfprojects".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59891 json | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() re... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-56121 json | Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to... | Not Provided | 2026-06-24 | 2026-07-15 |
| CVE-2026-55700 json | pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled ... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-55596 json | Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provi... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-55180 json | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-con... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-50573 json | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package conte... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-50196 json | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. ... | Not Provided | 2026-06-17 | 2026-06-18 |
| CVE-2026-50021 json | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when th... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-50017 json | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-50016 json | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metad... | Not Provided | 2026-06-25 | 2026-06-26 |