74
/ 100
25 days ago
glama

osv-ui-mcp

Visual CVE audit dashboard for npm, Python, Go, and Rust projects. Scans your project manifests (package-lock.json, requirements.txt, go.sum, Cargo.lock) against OSV.dev live data, opens a browser dashboard for human review, then applies fixes only after explicit confirmation. Supports multi-service monorepos in one command.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tests do not pass
Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
// known CVEs in dependencies2 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

lowexpress@4.18.2GHSA-qw6h-vgh9-j6wx

express vulnerable to XSS via response.redirect()

lowexpress@4.18.2GHSA-rv95-896h-c2vc

Express.js Open Redirect in malformed URLs

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/toan203-osv-ui-14elbs)](https://m8ven.ai/mcp/toan203-osv-ui-14elbs)
commit: 062381dfa0faff820d99a43e3a3a3fec59969cb3
code hash: ac4e3c7c3f2f1104c4d44ace56c51600d45afe4693a98b741ad49ed6d25412fe
verified: 6/15/2026, 2:28:42 PM
view raw JSON →