VulnerableMCP
A comprehensive database of Model Context Protocol vulnerabilities, security research, and exploits
What is VulnerableMCP?
VulnerableMCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to comprehensive database of model context protocol vulnerabilities, security research, and exploits
A comprehensive database of Model Context Protocol vulnerabilities, security research, and exploits
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- A comprehensive database of Model Context Protocol vulnerabi
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx vulnerablemcpConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use VulnerableMCP
VulnerableMCP is a community-maintained knowledge base and static website cataloguing known vulnerabilities, security research, and exploits specific to the Model Context Protocol ecosystem. It provides a structured taxonomy of MCP attack vectors — including prompt injection, tool poisoning, and data exfiltration patterns — so security researchers, red teams, and MCP server developers can understand, reproduce, and defend against real threats. The project is a reference resource rather than a runtime server, making it valuable for anyone building or auditing MCP-based systems.
Prerequisites
- Node.js 18 or higher (for local development and building the static site)
- Git to clone the repository
- A modern web browser to view the rendered vulnerability database
- Familiarity with MCP concepts and security research terminology
Clone the repository
Clone the VulnerableMCP repository to get the vulnerability database, taxonomy definitions, and static site source.
git clone https://github.com/vineethsai/vulnerablemcp.git
cd vulnerablemcpInstall dependencies
Install Node.js packages required to build the static site and run the development server.
npm installBuild the static site
Generate the static HTML pages from the vulnerability data and EJS templates. Output goes to the dist/ directory.
npm run buildRun the local development server
Start a local preview server on port 3000 to browse the vulnerability database in your browser.
npm run devValidate and check entries
When contributing new vulnerability entries, validate the JSON schema and check that all referenced URLs are live before opening a pull request.
npm run validate
npm run check-linksVulnerableMCP Examples
Vulnerability entry structure
Example of a well-formed vulnerability entry in data/vulnerabilities.json that follows the project taxonomy.
{
"id": "VMCP-2024-001",
"title": "Prompt Injection via Tool Description Override",
"severity": "high",
"category": "prompt-injection",
"description": "An attacker controls a malicious MCP server that injects instructions into tool descriptions, causing the LLM to exfiltrate data.",
"affected": ["claude-desktop", "cursor"],
"references": ["https://example.com/research"]
}Prompts to try
Research questions and use cases when studying the vulnerability database.
- "Show me all high-severity MCP vulnerabilities related to prompt injection"
- "What are known tool poisoning attack patterns in MCP servers?"
- "Which MCP clients have been affected by data exfiltration vulnerabilities?"
- "Summarize the taxonomy of MCP attack categories documented in VulnerableMCP"Troubleshooting VulnerableMCP
npm run build fails with template errors
Ensure data/vulnerabilities.json is valid JSON and conforms to the schema in data/taxonomy.json. Run `npm run validate` first to catch schema violations before building.
Local dev server does not reload changes
The dev server watches template and data files. If changes are not reflected, stop the server (Ctrl+C), run `npm run build` manually, then restart with `npm run dev`.
Frequently Asked Questions about VulnerableMCP
What is VulnerableMCP?
VulnerableMCP is a Model Context Protocol (MCP) server that comprehensive database of model context protocol vulnerabilities, security research, and exploits It connects AI assistants to external tools and data sources through a standardized interface.
How do I install VulnerableMCP?
Follow the installation instructions on the VulnerableMCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with VulnerableMCP?
VulnerableMCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is VulnerableMCP free to use?
Yes, VulnerableMCP is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
VulnerableMCP Alternatives — Similar Security Servers
Looking for alternatives to VulnerableMCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up VulnerableMCP in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use VulnerableMCP?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.