GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
The @jsonbored/gittensory-mcp package version 0.1.0 and earlier contains an access control vulnerability on the contributor profile endpoint and MCP tool. Authenticated users can access other…
Read the full articleYou might also wanna read

A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope
A dormant contributor account was used to republish the entire @mastra npm scope, each injected with a single dependency, easy-day-js, that
Patching Vulnerabilities Leaves Exposed Credentials Valid Across Multiple Systems
Security researchers highlight a critical gap in incident response: patching an exploited vulnerability stops one attack path but does nothi

Golang security: access restriction bypass vulnerability in JWT
Back in July, the Snyk security team was alerted about a potential security issue in the JWT package. This package provides a Go implementat
MCP Snitch: Security Monitoring Tool for Model Context Protocol Environments
Real-time security monitoring for MCP tools. Protect API keys, whitelist tool calls, and maintain complete control over your MCP environment
MCP Credential & Secret Management: Securing API Keys, Tokens, and Passwords
How to securely manage credentials in MCP servers.
How a Compromised Next.js Dependency Led to Server Hacking and Monero Mining
I got hacked, my server started mining Monero this morning.

Comments
Sign in to join the conversation.
No comments yet. Be the first.