CohumanSpace
Add MseeP.ai badge
Hi there,
This pull request shares a security update on digimon-engine.
We also have an entry for digimon-engine in our directory, MseeP.ai, where we provide regular security and trust updates on your app.
We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of digimon-engine.
You can easily take control over your listing for free: visit it at https://mseep.ai/app/cohumanspace-digimon-engine.
Yours Sincerely,
Lawrence W. Sinclair CEO/SkyDeck AI Founder of MseeP.ai MCP servers you can trust
Here are our latest evaluation results of digimon-engine
Security Scan Results
Security Score: 73/100
Risk Level: moderate
Scan Date: 2025-05-08
Score starts at 100, deducts points for security issues, and adds points for security best practices
Detected Vulnerabilities
High Severity
-
@google-cloud/compute
- ['google-gax']
- Fixed in version: unknown
-
@google-cloud/scheduler
- ['google-gax']
- Fixed in version: unknown
-
@google-cloud/secret-manager
- ['google-gax']
- Fixed in version: unknown
-
google-gax
- ['protobufjs']
- Fixed in version: unknown
-
protobufjs
- [{'source': 1097722, 'name': 'protobufjs', 'dependency': 'protobufjs', 'title': 'protobufjs Prototype Pollution vulnerability', 'url': 'https://github.com/advisories/GHSA-h755-8qp9-cq85', 'severity': 'critical', 'cwe': ['CWE-1321'], 'cvss': {'score': 9.8, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}, 'range': '>=7.0.0 <7.2.5'}]
- Fixed in version: unknown
Medium Severity
-
@babel/helpers
- [{'source': 1104001, 'name': '@babel/helpers', 'dependency': '@babel/helpers', 'title': 'Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups', 'url': 'https://github.com/advisories/GHSA-968p-4wvh-cqc8', 'severity': 'moderate', 'cwe': ['CWE-1333'], 'cvss': {'score': 6.2, 'vectorString': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'range': '<7.26.10'}]
- Fixed in version: unknown
-
esbuild
- [{'source': 1102341, 'name': 'esbuild', 'dependency': 'esbuild', 'title': 'esbuild enables any website to send any requests to the development server and read the response', 'url': 'https://github.com/advisories/GHSA-67mh-4wv8-2f99', 'severity': 'moderate', 'cwe': ['CWE-346'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '<=0.24.2'}]
- Fixed in version: unknown
-
vite
- [{'source': 1102438, 'name': 'vite', 'dependency': 'vite', 'title': 'Websites were able to send any requests to the development server and read the response in vite', 'url': 'https://github.com/advisories/GHSA-vg6x-rcgg-rjx6', 'severity': 'moderate', 'cwe': ['CWE-346', 'CWE-350', 'CWE-1385'], 'cvss': {'score': 6.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '>=6.0.0 <=6.0.8'}, {'source': 1103518, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite bypasses server.fs.deny when using ?raw??', 'url': 'https://github.com/advisories/GHSA-x574-m823-4x7w', 'severity': 'moderate', 'cwe': ['CWE-200', 'CWE-284'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '>=6.0.0 <6.0.12'}, {'source': 1103629, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite has a
server.fs.denybypassed forinlineandrawwith?importquery', 'url': 'https://github.com/advisories/GHSA-4r4m-qw57-chr8', 'severity': 'moderate', 'cwe': ['CWE-200', 'CWE-284'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '>=6.0.0 <6.0.13'}, {'source': 1103885, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite has anserver.fs.denybypass with an invalidrequest-target', 'url': 'https://github.com/advisories/GHSA-356w-63v5-8wf4', 'severity': 'moderate', 'cwe': ['CWE-200'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=6.0.0 <6.0.15'}, {'source': 1104174, 'name': 'vite', 'dependency': 'vite', 'title': "Vite's server.fs.deny bypassed with /. for files under project root", 'url': 'https://github.com/advisories/GHSA-859w-5945-r5v3', 'severity': 'moderate', 'cwe': ['CWE-22'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=6.0.0 <=6.1.5'}, {'source': 1104203, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite allows server.fs.deny to be bypassed with .svg or relative paths', 'url': 'https://github.com/advisories/GHSA-xcj6-pq6g-qj4x', 'severity': 'moderate', 'cwe': ['CWE-200', 'CWE-284'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '>=6.0.0 <6.0.14'}, 'esbuild'] - Fixed in version: unknown
- [{'source': 1102438, 'name': 'vite', 'dependency': 'vite', 'title': 'Websites were able to send any requests to the development server and read the response in vite', 'url': 'https://github.com/advisories/GHSA-vg6x-rcgg-rjx6', 'severity': 'moderate', 'cwe': ['CWE-346', 'CWE-350', 'CWE-1385'], 'cvss': {'score': 6.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '>=6.0.0 <=6.0.8'}, {'source': 1103518, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite bypasses server.fs.deny when using ?raw??', 'url': 'https://github.com/advisories/GHSA-x574-m823-4x7w', 'severity': 'moderate', 'cwe': ['CWE-200', 'CWE-284'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}, 'range': '>=6.0.0 <6.0.12'}, {'source': 1103629, 'name': 'vite', 'dependency': 'vite', 'title': 'Vite has a
-
... and 2 more medium severity vulnerabilities
Security Findings
Medium Severity Issues
-
semgrep: Potential NoSQL injection. Validate and sanitize user input.
- Location: core/database/mongodb.ts
- Line: 92
This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.
