Is ai.smithery/lineex-pubmed-mcp-smithery safe to use?

ai.smithery/lineex-pubmed-mcp-smithery has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install ai.smithery/lineex-pubmed-mcp-smithery?

ai.smithery/lineex-pubmed-mcp-smithery supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with ai.smithery/lineex-pubmed-mcp-smithery?

ai.smithery/lineex-pubmed-mcp-smithery is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is ai.smithery/lineex-pubmed-mcp-smithery actively maintained?

ai.smithery/lineex-pubmed-mcp-smithery is less actively maintained — last commit was 253 days ago.

ai.smithery/lineex-pubmed-mcp-smithery

fastmcp

Search PubMed with precision using keyword and journal filters and smart sorting. Uncover MeSH ter…

0 tools GitHub PyPI

No known CVEs

No license

Stale

Last commit 253d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Education Health

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "ai-smithery-lineex-pubmed-mcp-smithery": {
      "args": [
        "fastmcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/ai-smithery-lineex-pubmed-mcp-smithery)](https://mcppedia.org/s/ai-smithery-lineex-pubmed-mcp-smithery)

Read me

What ai.smithery/lineex-pubmed-mcp-smithery does

A Model Content Protocol server that provides enhanced tools to search and retrieve academic papers from PubMed database, with additional features such as MeSH term lookup, publication count statistics, and PICO-based evidence search.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

46/100across 5 weighted dimensions

How we score →

0255075100

−54

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is ai.smithery/lineex-pubmed-mcp-smithery safe to use?: ai.smithery/lineex-pubmed-mcp-smithery has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install ai.smithery/lineex-pubmed-mcp-smithery?: ai.smithery/lineex-pubmed-mcp-smithery supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with ai.smithery/lineex-pubmed-mcp-smithery?: ai.smithery/lineex-pubmed-mcp-smithery is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is ai.smithery/lineex-pubmed-mcp-smithery actively maintained?: ai.smithery/lineex-pubmed-mcp-smithery is less actively maintained — last commit was 253 days ago.

Similar servers

Others in education / health

View all →

Arxiv Mcp Server94

A Model Context Protocol server for searching and analyzing arXiv papers

2.8k 4

Notebooklm Mcp93

MCP server for NotebookLM - Let your AI agents (Claude Code, Codex) research documentation directly with grounded, citation-backed answers from Gemini. Persistent auth, library management, cross-client sharing. Zero hallucinations, just your knowledge base.

2.6k 4

io.github.wso2/fhir-mcp-server93

MCP server providing seamless access to FHIR APIs for AI tools and healthcare applications

121 5

Clinicaltrialsgov Mcp Server92

MCP server for the ClinicalTrials.gov v2 API. Search trials, retrieve study details and results, and match patients to eligible trials.

76 7

MCP Security Weekly

Get CVE alerts and security updates for ai.smithery/lineex-pubmed-mcp-smithery and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Education Health

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "ai-smithery-lineex-pubmed-mcp-smithery": {
      "args": [
        "fastmcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/ai-smithery-lineex-pubmed-mcp-smithery)](https://mcppedia.org/s/ai-smithery-lineex-pubmed-mcp-smithery)

Read me

What ai.smithery/lineex-pubmed-mcp-smithery does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

PubMed Enhanced Search MCP Server

Features

Search PubMed by keywords with optional journal filter
Support for sorting results by relevance or date (newest/oldest first)
Get MeSH (Medical Subject Headings) terms related to a search word
Get publication counts for multiple search terms (useful for comparing prevalence)
Retrieve detailed paper information including abstract, DOI, authors, and keywords
Perform structured PICO-based searches with support for synonyms and combination queries

Installing

Prerequisites

Python 3.6+
pip

Installation

Clone this repository:

git clone https://github.com/leescot/pubmed-mcp-smithery
cd pubmed-mcp-smithery

Install dependencies:
```
pip install fastmcp requests
```

Usage

Running locally

Start the server:

python pubmed_enhanced_mcp_server.py

For development mode with auto-reloading:

mcp dev pubmed_enhanced_mcp_server.py

Adding to Claude Desktop

Edit your Claude Desktop configuration file (CLAUDE_DIRECTORY/claude_desktop_config.json) to add the server:

"pubmed-enhanced": {
    "command": "python",
    "args": [
        "/path/pubmed-mcp-smithery/pubmed_enhanced_mcp_server.py"
    ]
}

MCP Functions

The server provides these main functions:

search_pubmed - Search PubMed for articles matching keywords with optional journal filtering

# Example
results = await search_pubmed(
    keywords=["diabetes", "insulin resistance"],
    journal="Nature Medicine",
    num_results=5,
    sort_by="date_desc"
)

get_mesh_terms - Look up MeSH terms related to a medical concept
```
# Example
mesh_terms = await get_mesh_terms("diabetes")
```

get_pubmed_count - Get the count of publications for multiple search terms

# Example
counts = await get_pubmed_count(["diabetes", "obesity", "hypertension"])

format_paper_details - Get detailed information about specific papers by PMID

# Example
paper_details = await format_paper_details(["12345678", "87654321"])

pico_search - Perform structured PICO (Population, Intervention, Comparison, Outcome) searches with synonyms

# Example
pico_results = await pico_search(
    p_terms=["diabetes", "type 2 diabetes", "T2DM"],
    i_terms=["metformin", "glucophage"],
    c_terms=["sulfonylurea", "glipizide"],
    o_terms=["HbA1c reduction", "glycemic control"]
)

PICO Search Functionality

The PICO search tool helps researchers conduct evidence-based literature searches by:

Allowing multiple synonym terms for each PICO element
Combining terms within each element using OR operators
Performing AND combinations between elements (P AND I, P AND I AND C, etc.)
Returning both search queries and publication counts for each combination

This approach helps refine research questions and identify the most relevant literature.

Rate Limiting

The server implements automatic retry mechanism with backoff delays to handle potential rate limiting by NCBI's E-utilities service.

License

This project is licensed under the BSD 3-Clause License - see the LICENSE file for details.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

46/100across 5 weighted dimensions

How we score →

0255075100

−54

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

Affected: >= 0Fixed in 2.14.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is ai.smithery/lineex-pubmed-mcp-smithery safe to use?: ai.smithery/lineex-pubmed-mcp-smithery has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install ai.smithery/lineex-pubmed-mcp-smithery?: ai.smithery/lineex-pubmed-mcp-smithery supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with ai.smithery/lineex-pubmed-mcp-smithery?: ai.smithery/lineex-pubmed-mcp-smithery is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is ai.smithery/lineex-pubmed-mcp-smithery actively maintained?: ai.smithery/lineex-pubmed-mcp-smithery is less actively maintained — last commit was 253 days ago.