Security: zereight/gitlab-mcp
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
DNS rebinding reaches local Streamable HTTP MCP transportGHSA-vmp7-252j-cwp7 published
Jul 3, 2026 by zereightCritical -
Server-Side Request Forgery (SSRF) in zereight/mcp-gitlabGHSA-2h44-8472-frjj published
Jul 1, 2026 by zereightCritical -
Unauthenticated arbitrary file read via `upload_markdown` enables PAT exfiltration and full account takeoverGHSA-cv3r-c5h8-f4g5 published
Jun 22, 2026 by zereightCritical
Learn more about advisories related to zereight/gitlab-mcp in the GitHub Advisory Database