mcp-markdownify-server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package mcp-markdownify-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2025-58358 — CVSS 7.5 (high): Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection…
CVE-2025-5276 — CVSS 7.4 (high): Versions of the package mcp-markdownify-server before 1.0.0 are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get()…
CVE-2025-5273 — CVSS 6.5 (medium): All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the…