CVE-2025-53818: GitHub Kanban MCP Server vulnerable to Command Injection
The MCP server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is vulnerable to command injection in some of its MCP tool definitions and handler implementations (see the referenced comment-handlers.ts and tool-handlers.ts).
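The following is an added illustration of the bug class named above, written for this page and not taken from the project's code. It assumes a hypothetical MCP tool handler that posts an issue comment by shelling out to the `gh` CLI, and treats the tool arguments (which arrive from the MCP client, i.e. from a model) as untrusted input: the vulnerable shape splices them into a shell string, the hardened shape validates the structured fields and hands `gh` an argv array without a shell.

```typescript
// Hypothetical MCP tool handler (added example, not the project's code).
// Assumed: comments are posted by running the `gh` CLI.
import { execFile } from "child_process";
import { promisify } from "util";

const execFileAsync = promisify(execFile);

// Vulnerable shape, shown for contrast only: the model-supplied `body` is
// spliced into a shell command line, so any shell syntax inside it is
// interpreted by the shell instead of being posted as comment text.
function buildShellCommand(repo: string, issue: number, body: string): string {
  return `gh issue comment ${issue} --repo ${repo} --body "${body}"`;
}

// Hardened shape: validate the fields that have a known format and build an
// argv array. No shell is involved, so `body` reaches gh as one literal
// argument no matter what characters it contains.
function buildArgv(repo: string, issue: number, body: string): string[] {
  if (!/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(repo)) {
    throw new Error(`invalid repo: ${repo}`);
  }
  if (!Number.isInteger(issue) || issue <= 0) {
    throw new Error(`invalid issue number: ${issue}`);
  }
  return ["issue", "comment", String(issue), "--repo", repo, "--body", body];
}

// Handler body using execFile (no shell). Not exercised by the test below;
// requires a working `gh` login when actually run.
async function postComment(repo: string, issue: number, body: string): Promise<string> {
  const { stdout } = await execFileAsync("gh", buildArgv(repo, issue, body));
  return stdout.trim();
}
```

A legitimate comment such as `Fixed in $(git rev-parse HEAD); thanks!` is exactly the kind of input that distinguishes the two shapes: the argv version posts it verbatim, while the shell-string version would hand it to the shell.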
References
- github.com/Sunwood-ai-labs/github-kanban-mcp-server
- github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/comment-handlers.ts
- github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/tool-handlers.ts
- github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/v0.4.0/src/handlers/comment-handlers.ts
- github.com/Sunwood-ai-labs/github-kanban-mcp-server/security/advisories/GHSA-6jx8-rcjx-vmwf
- github.com/advisories/GHSA-6jx8-rcjx-vmwf
- nvd.nist.gov/vuln/detail/CVE-2025-53818