Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "at-designare-knowledge": {
      "args": [
        "-y",
        "serve"
      ],
      "command": "npx"
    }
  }
}
Source code of designare.at, the personal web & AI playground of Michael Kanda, accomplice for web & AI from Vienna.
Run this in your terminal to verify the server starts.
npx -y 'serve' 2>&1 | head -1 && echo "✓ Server started successfully"
vercel/serve allows access to restricted files if filename is URL encoded.
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
Cross-Site Scripting in serve
Versions of `serve` prior to 10.0.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code.

## Recommendation

Upgrade to version 10.0.2 or later.
Cross-Site Scripting in serve
Versions of `serve` prior to 10.0.2 are vulnerable to Cross-Site Scripting (XSS). The package does not encode output, allowing attackers to execute arbitrary JavaScript in the victim's browser if user-supplied input is rendered.

## Recommendation

Upgrade to version 10.0.2 or later.
Path Traversal in serve
Versions of `serve` prior to 10.1.2 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through relative paths, which allows attackers to access hidden folders and files.

## Recommendation

Upgrade to version 10.1.2 or later.
Bypass due to validation before canonicalization in serve
Versions of `serve` before 6.5.2 are vulnerable to a bypass of the ignore functionality. The bypass is possible because validation happens before canonicalization of paths and filenames.

Example: Here we have a server that ignores the file test.txt.

```
const serve = require('serve')
// test.txt is listed in `ignore`, so the server is expected not to serve it
const server = serve(__dirname, { port: 1337, ignore: ['test.txt'] })
```

Using the URL-encoded form of a letter (%65 instead of e), an attacker can bypass the ignore control and access the file. `cur