Package impact
npm / @samanhappy/mcphub
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-11287 | critical | 9.8 | 9.8 | 8mo ago | MCPHub has an Improper Authorization vulnerability via its handleSseConnection function | |
| CVE-2025-11285 | high | 8.8 | 8.8 | 8mo ago | MCPHub's ServerController is vulnerable to Command Injection |