Submit an advisory
Report a vulnerability or malicious MCP package.
Submissions are reviewed by Cavexia's security team before publication. Critical issues are usually published within 24 hours after we verify them with the maintainer.
By submitting, you agree that Cavexia may publish a summary of your report. We will credit you using the contact name you provide unless you ask us not to.