Advisories for PyPI/mcp-run-python package

2026

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without restricting access to the JavaScript bridge. This allows any executed Python code—whether from a user or an AI model—to access the js module in Pyodide. Through this bridge, the Python …

MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Server-Side Request Forgery (SSRF): A security vulnerability exists in the mcp-run-python tool (specifically within the Pydantic-AI integration) due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted Python code—with network permissions that include access to the host's loopback interface (localhost). Consequently, malicious Python code executed through the tool can bypass network isolation and send HTTP requests to internal …