Critical security flaws discovered in the MCP ecosystem. These are not theoretical — they're being exploited now.
Unauthenticated remote code execution via STDIO misconfiguration. Affects Anthropic SDKs, LiteLLM, LangChain.
Unsanitized child_process.exec allows arbitrary system commands under server privileges.
Command injection attacks in MCP operations on affected v0.3.0 servers.
Client-side RCE via malicious authorization_endpoint in mcp-remote v0.0.5-0.1.15.
Other tools only scan before deployment. MCPGuard watches your live connections too.
Real-time check against all known MCP CVEs and security advisories.
Detect consent bypass, static client IDs, and redirect URI vulnerabilities.
Find command injection and prompt injection vectors before they reach your AI.
Audit npm packages, maintainer history, dependency trees, and update cadence.
Watch live MCP connections for suspicious API calls, token misuse, and privilege escalation.
Get notified when a connected server starts behaving differently than its scan report.
From scan to safe connection in under 30 seconds.
Enter the MCP server package name or URL. We check it against our vulnerability database.
Get a detailed security report with risk score, CVE matches, and severity breakdown.
Only connect servers that pass. Runtime monitoring keeps watching after deployment.
Start free. Upgrade when you need more.
Every MCP server you add is a potential attack vector. Scan first. Connect second. Monitor always.