| Version | Supported |
|---|---|
| Current registry | Active |

Please do NOT report security vulnerabilities as public GitHub issues.
We use GitHub's private security advisory feature:
- Go to Security Advisories
- Click "Report a vulnerability"
- Fill in the details

Alternatively, email: security@mcpambassador.dev

What to report:
- Malicious MCP entries (exfiltrating credentials, executing unauthorized code)
- Entries with shell injection patterns in command fields
- Typosquatting domains mimicking legitimate MCP servers
- Entries pointing to compromised or malicious endpoints
- OAuth configurations designed to steal tokens

What we will do:
- Acknowledge within 48 hours
- Remove or disable malicious entries immediately upon confirmation
- Notify affected users if possible

What is not a security issue:
- MCP servers that are temporarily offline
- Entries with incorrect but non-malicious metadata
- Feature disagreements about categorization