Security: zereight/gitlab-mcp
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Multiple safety-control bypasses in @zereight/mcp-gitlab: execute_graphql read-only + allow-list bypass, unauthenticated transports, session-exhaustion DoSGHSA-5648-rgj9-v224 published
Jul 5, 2026 by zereightHigh -
DNS rebinding reaches local Streamable HTTP MCP transportGHSA-vmp7-252j-cwp7 published
Jul 3, 2026 by zereightCritical -
Server-Side Request Forgery (SSRF) in zereight/mcp-gitlabGHSA-2h44-8472-frjj published
Jul 1, 2026 by zereightCritical -
Unauthenticated arbitrary file read via `upload_markdown` enables PAT exfiltration and full account takeoverGHSA-cv3r-c5h8-f4g5 published
Jun 22, 2026 by zereightCritical
Learn more about advisories related to zereight/gitlab-mcp in the GitHub Advisory Database