Lfprojects Model Context Protocol Servers — known CVE vulnerabilities
Every CVE whose affected-product data names Lfprojects Model Context Protocol Servers, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-68145 — CVSS 9.1 (critical): In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific…
CVE-2025-68143 — CVSS 8.8 (high): Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git…
CVE-2025-68144 — CVSS 7.1 (high): In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git…
CVE-2026-27735 — CVSS 6.5 (medium): Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git…