GSA_kwCzR0hTQS1mcnE5LTNocDIteHZ4Z84ABIfE

Moderate CVSS: 6.9 EPSS: 0.00035% (0.08774 Percentile) EPSS:

Permalink JSON

Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function

Affected Packages	Affected Versions	Fixed Versions
npm:mcp-markdownify-server	<= 0.0.1	No known fixed version
0 Dependent packages 0 Dependent repositories 75 Downloads last month Affected Version Ranges All affected versions 0.0.1

All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

References:

Identifiers

GHSA-frq9-3hp2-xvxg

CVE-2025-5276

Risk

Severity

Moderate

CVSS

CVSS Score: 6.9

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P

EPSS

EPSS Percentage: 0.00035

EPSS Percentile: 0.08774

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/zcaceres/markdownify-mcp

Date and time

Published

2 months ago

Updated

2 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories