Security: Transitive dependencies with known vulnerabilities in @modelcontextprotocol/sdk@1.29.0 #2042

@morozow

Summary

@modelcontextprotocol/sdk@1.29.0 ships with transitive dependencies that have known security vulnerabilities. Downstream consumers running npm audit --audit-level=high get a non-zero exit code, breaking CI pipelines.

Affected dependencies

| Package | Installed | Fixed | Severity | Advisory |
|---|---|---|---|---|
| fast-uri | 3.1.0 (via ajv@8.18.0) | ≥3.1.2 | high | GHSA-q3j6-qgpj-74h6, GHSA-v39h-62p7-jpjc |
| hono | 4.12.14 | ≥4.12.18 | moderate | GHSA-9vqf-7f2p-gf9v, GHSA-69xw-7hcm-h432, GHSA-qp7p-654g-cw7p, GHSA-hm8q-7f3q-5f36, GHSA-p77w-8qqv-26rm |
| ip-address | 10.1.0 (via express-rate-limit@8.4.0) | ≥10.2.0 | moderate | GHSA-v2v4-37r5-5v8g |
| express-rate-limit | 8.4.0 | ≥8.5.1 | moderate | Depends on vulnerable ip-address |

Dependency chain

@modelcontextprotocol/sdk@1.29.0
├── ajv@8.18.0
│   └── fast-uri@3.1.0          ← HIGH: path traversal, host confusion
├── hono@4.12.14                ← moderate: bodyLimit bypass, JSX injection, JWT validation, cache leakage
├── @hono/node-server@1.19.14
│   └── hono@4.12.14 (deduped)
└── express-rate-limit@8.4.0
    └── ip-address@10.1.0       ← moderate: XSS in Address6

Reproduction

mkdir repro && cd repro
npm init -y
npm install @modelcontextprotocol/sdk@1.29.0
npm audit --audit-level=high
# Exit code: 1

Suggested fix

All existing semver ranges in the SDK's package.json already allow the fixed versions. A lockfile regeneration or minimum version bump in package.json resolves all four:

package.json (suggested minimum version bumps):

{
  "dependencies": {
    "ajv": "^8.18.0",
    "hono": "^4.12.18",
    "express-rate-limit": "^8.5.1"
  }
}

ajv ^8.18.0 keeps its fast-uri ^3.0.1 range, which now resolves to 3.1.2; hono was ^4.11.4; express-rate-limit was ^8.2.1 and at ^8.5.1 pulls ip-address ≥10.2.0.

No breaking changes — all fixes are patch/minor semver-compatible.

Impact

Any downstream project with npm audit in CI (standard security practice) fails on --audit-level=high due to fast-uri. This blocks releases and forces consumers to add overrides as a workaround.

Workaround (for downstream consumers)

package.json:
{
  "overrides": {
    "fast-uri": ">=3.1.2",
    "hono": ">=4.12.18",
    "ip-address": ">=10.2.0",
    "express-rate-limit": ">=8.5.1"
  }
}

Environment

  • @modelcontextprotocol/sdk: 1.29.0 (latest as of 2025-05-11)
  • Node.js: 22.x
  • npm: 10.x
  • OS: Ubuntu 24.04 (CI), macOS 15 (local)
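Added example (not from the issue author or the SDK project): a small lockfile gate that a downstream consumer can run in CI after applying the overrides above, to confirm that every installed copy of the four packages is at or above the fixed version from the table. It assumes a package-lock.json v2/v3 layout (a top-level "packages" map keyed by node_modules path) and plain x.y.z versions; the sample lockfile fragments are constructed to mirror the dependency chain in the issue.

```javascript
// Added example, not part of the issue or of @modelcontextprotocol/sdk.
// Assumes package-lock.json v2/v3 ("packages" map) and x.y.z versions.

// Minimum fixed versions, taken from the advisory table in the issue.
const MINIMUM_FIXED = {
  "fast-uri": "3.1.2",
  "hono": "4.12.18",
  "ip-address": "10.2.0",
  "express-rate-limit": "8.5.1",
};

// Parse "x.y.z" into numbers; anything else (prerelease, git URL) is rejected
// loudly rather than silently treated as safe.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Lockfile keys look like "node_modules/ajv/node_modules/fast-uri" or
// "node_modules/@hono/node-server"; the package name (scope included) is
// everything after the last "node_modules/".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Walk every installed package (hoisted or nested) and report each one
// whose version is below the minimum in `minimums`.
function findBelowMinimum(lock, minimums = MINIMUM_FIXED) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = packageNameFromPath(path);
    if (!name || !(name in minimums) || !meta.version) continue;
    if (compareVersions(meta.version, minimums[name]) < 0) {
      findings.push({ name, path, installed: meta.version, fixed: minimums[name] });
    }
  }
  return findings;
}

// CI entry point: prints each finding and returns an exit code like npm audit.
function auditLockfile(lock, minimums = MINIMUM_FIXED) {
  const findings = findBelowMinimum(lock, minimums);
  for (const f of findings) {
    console.log(`${f.path}: installed ${f.installed}, fixed in ${f.fixed}`);
  }
  return { exitCode: findings.length === 0 ? 0 : 1, findings };
}

// Constructed sample: the chain from the issue as npm would hoist it,
// plus one nested copy of fast-uri to show that non-hoisted paths are found.
const SAMPLE_LOCK_VULNERABLE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "repro", version: "1.0.0" },
    "node_modules/@modelcontextprotocol/sdk": { version: "1.29.0" },
    "node_modules/ajv": { version: "8.18.0" },
    "node_modules/fast-uri": { version: "3.1.2" },
    "node_modules/ajv/node_modules/fast-uri": { version: "3.1.0" },
    "node_modules/hono": { version: "4.12.14" },
    "node_modules/@hono/node-server": { version: "1.19.14" },
    "node_modules/express-rate-limit": { version: "8.4.0" },
    "node_modules/ip-address": { version: "10.1.0" },
  },
};

// Constructed sample: the same tree after the overrides from the issue.
const SAMPLE_LOCK_FIXED = {
  lockfileVersion: 3,
  packages: {
    "": { name: "repro", version: "1.0.0" },
    "node_modules/@modelcontextprotocol/sdk": { version: "1.29.0" },
    "node_modules/ajv": { version: "8.18.0" },
    "node_modules/fast-uri": { version: "3.1.2" },
    "node_modules/hono": { version: "4.12.18" },
    "node_modules/@hono/node-server": { version: "1.19.14" },
    "node_modules/express-rate-limit": { version: "8.5.1" },
    "node_modules/ip-address": { version: "10.2.0" },
  },
};
```

In a real pipeline, read package-lock.json with `JSON.parse(fs.readFileSync(...))`, pass it to `auditLockfile`, and set `process.exitCode` from the result; the check complements `npm audit` because it pins the expectation to the exact fixed versions rather than to whatever the advisory database reports on a given day, and it catches a nested, non-hoisted copy that an override did not reach.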
