Hi there,

This pull request shares a security update on astra-db-mcp.

We also have an entry for astra-db-mcp in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of astra-db-mcp.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/datastax-astra-db-mcp.

Yours Sincerely,

Lawrence W. Sinclair
CEO/SkyDeck AI
Founder of MseeP.ai
MCP servers you can trust

Here are our latest evaluation results of astra-db-mcp

Security Scan Results

Security Score: 96/100

Risk Level: low

Scan Date: 2025-06-13

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

Medium Severity

• brace-expansion

  • [{'source': 1105443, 'name': 'brace-expansion', 'dependency': 'brace-expansion', 'title': 'brace-expansion Regular Expression Denial of Service vulnerability', 'url': 'https://github.com/advisories/GHSA-v6h2-p8h4-qcjw', 'severity': 'low', 'cwe': ['CWE-400'], 'cvss': {'score': 3.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L'}, 'range': '>=1.0.0 <=1.1.11'}, {'source': 1105444, 'name': 'brace-expansion', 'dependency': 'brace-expansion', 'title': 'brace-expansion Regular Expression Denial of Service vulnerability', 'url': 'https://github.com/advisories/GHSA-v6h2-p8h4-qcjw', 'severity': 'low', 'cwe': ['CWE-400'], 'cvss': {'score': 3.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L'}, 'range': '>=2.0.0 <=2.0.1'}]
  • Fixed in version: unknown

• esbuild

  • [{'source': 1102341, 'name': 'esbuild', 'dependency': 'esbuild', 'title': 'esbuild enables any website to send any requests to the development server and read the response', 'url': 'https://github.com/advisories/GHSA-67mh-4wv8-2f99', 'severity': 'moderate', 'cwe': ['CWE-346'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '<=0.24.2'}]
  • Fixed in version: unknown

• vite

  • [{'source': 1103884, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite has an server.fs.deny bypass with an invalid request-target', 'url': 'https://github.com/advisories/GHSA-356w-63v5-8wf4', 'severity': 'moderate', 'cwe': ['CWE-200'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=5.0.0 <5.4.18'}, {'source': 1104173, 'name': 'vite', 'dependency': 'vite', 'title': "Vite's server.fs.deny bypassed with /. for files under project root", 'url': 'https://github.com/advisories/GHSA-859w-5945-r5v3', 'severity': 'moderate', 'cwe': ['CWE-22'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=5.0.0 <=5.4.18'}, 'esbuild']
  • Fixed in version: unknown

Security Findings

Medium Severity Issues

• semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.
  • Location: tools/OpenBrowser.ts
  • Line: 15

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.