74
/ 100
1 month ago
glama

brightspace-mcp-server-ddd

Enables interaction with D2L Brightspace through the MCP protocol, supporting multi-strategy authentication and opt-in write operations.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Known vulnerabilities in dependencies: 1 critical
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 2 credentials: BRIGHTSPACE_API_TOKEN, BRIGHTSPACE_TOTP_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 critical3 medium1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

criticalvitest@4.0.0GHSA-5xrq-8626-4rwp

When Vitest UI server is listening, arbitrary file can be read and executed

mediummermaid@11.14.0GHSA-87f9-hvmw-gh4p

Mermaid: Improper sanitization of configuration leads to CSS injection

mediummermaid@11.14.0GHSA-ghcm-xqfw-q4vr

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

mediummermaid@11.14.0GHSA-xcj9-5m2h-648r

Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

lowmermaid@11.14.0GHSA-6m6c-36f7-fhxh

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configBRIGHTSPACE_ALLOW_HTTP_LOCALHOST
🔐 secretBRIGHTSPACE_API_TOKENtoken-ref env:
configBRIGHTSPACE_AUDIT_LOG
configBRIGHTSPACE_NO_UPDATE_CHECK
🔐 secretBRIGHTSPACE_TOTP_SECRETsecret_ref: env:
configEDITORConfig Profile summary, field-by-field form editor (dropdowns from schema) or $
configVISUAL
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/jhostinaleck-brightspace-mcp-1id4s7)](https://m8ven.ai/mcp/jhostinaleck-brightspace-mcp-1id4s7)
commit: 6d3b6556eca4752ce34ff3ed582a900a71032bd6
code hash: 57d6ddea8d286b3e73e1236ef754ce9db71068873b12d4f51e77d83e4d775bb2
verified: 6/10/2026, 10:42:02 AM
view raw JSON →