mcp-memory-service@10.20.1

Semantic memory layer for AI applications. REST API + MCP transport + knowledge graph + autonomous consolidation. Works with 14+ AI clients. Self-host, zero cloud cost.

  • latest version

    10.66.1

  • latest non vulnerable version

  • first published

    6 months ago

  • latest version published

    11 hours ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mcp-memory-service package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Permissive Cross-domain Policy with Untrusted Domains

    mcp-memory-service is open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost.

    Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the create_app CORSMiddleware setup in src/mcp_memory_service/web/app.py that defaults MCP_CORS_ORIGINS to wildcard origins and leaves allow_credentials enabled. An attacker can exfiltrate and tamper with all stored memory by hosting malicious JavaScript that issues cross-origin fetches, since the service responds with Access-Control-Allow-Origin: * and honors anonymous requests.

    How to fix Permissive Cross-domain Policy with Untrusted Domains?

    Upgrade mcp-memory-service to version 10.25.1 or higher.

    [,10.25.1)
    • M
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure in the /api/health/detailed endpoint when MCP_ALLOW_ANONYMOUS_ACCESS=true is set, allowing unauthenticated users to access detailed system and environment information, including OS version, Python version, CPU count, memory and disk statistics, and the full database filesystem path. An attacker can obtain sensitive reconnaissance data by sending unauthenticated requests to this endpoint.

    How to fix Information Exposure?

    Upgrade mcp-memory-service to version 10.21.0 or higher.

    [,10.21.0)
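
A deployment check for the two findings above, added here as an example; it is not code from mcp-memory-service or from this advisory page. It assumes versions are plain "X.Y.Z" strings and that MCP_CORS_ORIGINS is a comma-separated list (the page does not state its format); the finding codes and sample values are made up for illustration.

```python
"""Audit one mcp-memory-service deployment against the two advisories above.

Added example, not project code. Assumptions: versions are plain "X.Y.Z" and
MCP_CORS_ORIGINS is comma-separated (the page does not give its format).
"""

CORS_FIXED = (10, 25, 1)    # advisory: upgrade to 10.25.1 or higher
HEALTH_FIXED = (10, 21, 0)  # advisory: upgrade to 10.21.0 or higher


def parse_version(text):
    """Turn "10.20.1" into (10, 20, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def audit(version, env):
    """Return finding codes (hypothetical names) for a version and its env vars."""
    ver = parse_version(version)
    findings = []

    raw = env.get("MCP_CORS_ORIGINS")
    origins = [o.strip() for o in raw.split(",") if o.strip()] if raw else []
    anonymous = env.get("MCP_ALLOW_ANONYMOUS_ACCESS", "").strip().lower() == "true"

    if "*" in origins:
        # An explicit wildcard lets any web origin read API responses.
        findings.append("CORS_WILDCARD_EXPLICIT")
    elif not origins and ver < CORS_FIXED:
        # Affected versions fall back to wildcard origins when the variable is unset.
        findings.append("CORS_WILDCARD_DEFAULT")
    if ver < CORS_FIXED and origins and "*" not in origins:
        # Origins are pinned, but the release still carries the vulnerable defaults.
        findings.append("CORS_UPGRADE_RECOMMENDED")

    if anonymous and ver < HEALTH_FIXED:
        # /api/health/detailed answers unauthenticated requests on these versions.
        findings.append("HEALTH_DETAILED_EXPOSED")
    return findings


if __name__ == "__main__":
    # Constructed sample: the version this page describes, anonymous access on.
    sample_env = {"MCP_ALLOW_ANONYMOUS_ACCESS": "true"}
    for code in audit("10.20.1", sample_env):
        print(code)
```
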