Report a Vulnerability | The Vulnerable MCP Project

How it works: Fill out the form below and click "Submit to GitHub." This will open a pre-filled GitHub issue in a new tab. No backend or API keys are involved — your report goes directly to our GitHub repository for review. You'll need a GitHub account to submit.

Vulnerability Details

Vulnerability Title *

Severity *

Category *

Reported By *

Discovery Date *

Exploitability

Impact Score (1-10)

Affected Components

MCP Client MCP Server MCP Protocol MCP Ecosystem

Tags Comma-separated tags from the standardized vocabulary

Source URL Link to the original research, advisory, or writeup

CVE ID(s)

Affected MCP Server(s) Specific MCP server implementations affected (if known)

Description *

Preview

This is how your report will appear in the GitHub issue.

Fill in the fields above to see a preview of your GitHub issue.

Other Ways to Contribute

Direct Pull Request

If you're comfortable with JSON and Git, you can submit a PR directly to data/vulnerabilities.json following the v2 schema.

View Repository

Contribution Guide

Read the full guide for detailed instructions on the schema, taxonomy, validation, and review process.

Read Guide