ApeRAG icon indicating copy to clipboard operation
ApeRAG copied to clipboard
Published 3 months ago verified publisher icon apecloud

Add MseeP.ai badge

Open lwsinclair opened this issue 6 months ago • 1 comments

Hi there,

This pull request shares a security update on ApeRAG.

We also have an entry for ApeRAG in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of ApeRAG.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/apecloud-aperag.

Yours Sincerely,

Lawrence W. Sinclair CEO/SkyDeck AI Founder of MseeP.ai MCP servers you can trust

MseeP.ai Security Assessment Badge

Here are our latest evaluation results of ApeRAG

Security Scan Results

Security Score: 57/100

Risk Level: high

Scan Date: 2025-09-09

Score starts at 100, deducts points for security issues, and adds points for security best practices

Security Findings

Medium Severity Issues

  • semgrep: Detected use of dynamic execution of JavaScript which may come from user-input, which can lead to Cross-Site-Scripting (XSS). Where possible avoid including user-input in functions which dynamically execute user-input.

    • Location: web/src/app/auth/callback/[provider]/page.tsx
    • Line: 65

  • semgrep: Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option.

    • Location: aperag/db/nebula_sync_manager.py
    • Line: 128

  • ... and 6 more medium severity issues

Low Severity Issues

  • semgrep: Use of base64 decoding detected. This might indicate obfuscated code.
  • ... and 6 more low severity issues

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

lwsinclair avatar Sep 09 '25 07:09 lwsinclair

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment

github-actions[bot] avatar Oct 27 '25 00:10 github-actions[bot]