Is Era5 Mcp Server safe to use?

Era5 Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Era5 Mcp Server?

Era5 Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Era5 Mcp Server do?

Era5 Mcp Server provides 3 tools: fetch_era5_single_levels, fetch_era5_pressure_levels, inspect_netcdf. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Era5 Mcp Server?

Era5 Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Era5 Mcp Server actively maintained?

Era5 Mcp Server is less actively maintained — last commit was 134 days ago. It has 11 GitHub stars.

Era5 Mcp Server

Name: Era5 Mcp Server
Author: swnesbitt

jupyterlab · by swnesbitt

11 3 tools GitHub PyPI

No known CVEs

MIT license

Maintained

Last commit 134d ago

Works with most clients

Transport: stdio

3 tools · ~458 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

Data Maps & Geo

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "era5-mcp-server": {
      "args": [
        "jupyterlab"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/era5-mcp-server)](https://mcppedia.org/s/era5-mcp-server)

Read me

What Era5 Mcp Server does

This project provides a ready-to-run MCP (Model Context Protocol) server that interfaces with the Copernicus Climate Data Store (CDS). It allows you to use natural language in an AI assistant (like Gemini CLI or Claude Desktop) to fetch and inspect ERA5 climate data.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'jupyterlab' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

80/100across 5 weighted dimensions

How we score →

0255075100

−20

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-42557medium · fixedCVSS 4

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all click events on `document.body` and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submit

Affected: >= 0Fixed in 4.5.7source →

CVE-2026-42266low · fixedCVSS 3.1

JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments that: - have allow-listed specific extensions with aim to prevent users from installing packages - have the kernel and terminals disabled or delegated to remote hosts (thus no access to install pack

Affected: >= 4.0.0Fixed in 4.5.7source →

CVE-2026-40171medium · fixedCVSS 4

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

### Impact A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to: 1. Read all files 2. Modify/create files 3. Access running kernels and execute arbitra

Affected: >= 7.0.0Fixed in 7.5.6source →

CVE-2025-59842medium · fixedCVSS 4

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if: - links generated by those extensions included `target=_blank` (no such extensions are known at time of writing) and - they were to click on a link genera

Affected: >= 0Fixed in 4.4.8source →

CVE-2024-43805low · fixedCVSS 3.1

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

### Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. ### Patches JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 were patched. ### Workarounds There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins

Affected: >= 0Fixed in 3.6.8source →

Inventory

Tools (3)

Click any tool to inspect its schema.

~458 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Era5 Mcp Server safe to use?: Era5 Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Era5 Mcp Server?: Era5 Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Era5 Mcp Server do?: Era5 Mcp Server provides 3 tools: fetch_era5_single_levels, fetch_era5_pressure_levels, inspect_netcdf. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Era5 Mcp Server?: Era5 Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Era5 Mcp Server actively maintained?: Era5 Mcp Server is less actively maintained — last commit was 134 days ago. It has 11 GitHub stars.

Similar servers

Others in data / maps

View all →

PostgreSQL MCP Server98

Query and manage PostgreSQL databases directly from AI assistants

86.4k 1

Mcp Server Qdrant96

An official Qdrant Model Context Protocol (MCP) server implementation

1.4k 2

Firecrawl Mcp Server95

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

6.4k 4

Supabase MCP Server95

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

MCP Security Weekly

Get CVE alerts and security updates for Era5 Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Data Maps & Geo

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "era5-mcp-server": {
      "args": [
        "jupyterlab"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/era5-mcp-server)](https://mcppedia.org/s/era5-mcp-server)

Read me

What Era5 Mcp Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'jupyterlab' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

ERA5 Climate Data MCP Server

Features

Easy Data Download: Fetch monthly-averaged ERA5 data for both single levels (e.g., surface temperature) and pressure levels (e.g., geopotential height at 500hPa).
Multi-Year Fetching: Download data for the same month across multiple years in a single request.
Data Inspection: Quickly inspect the contents (dimensions, coordinates, variables) of any downloaded NetCDF file.

1. Setup Copernicus API Key

Before using the server, you must have a Copernicus account and an API key.

Register: Create an account on the CDS Website.
Get Key: Log in and find your API key at the bottom of your user profile page (e.g., https://cds.climate.copernicus.eu/user/YOUR_USER_ID).
Create .cdsapirc file: Create a file named .cdsapirc in your home directory (~/.cdsapirc on Linux/macOS, C:\Users\YourUser\.cdsapirc on Windows).
Add Credentials: Add your API key to the file in the following format, replacing YOUR_UID and YOUR_API_KEY with your actual values:
```
url: https://cds.climate.copernicus.eu/api/v2
key: YOUR_UID:YOUR_API_KEY
```
Accept Terms: For each dataset you want to access (reanalysis-era5-single-levels-monthly-means and reanalysis-era5-pressure-levels-monthly-means), you must visit its page on the CDS website and accept the terms of use manually. The server cannot do this for you.

2. Installation

A requirements.txt file is provided to install all necessary dependencies.

# Create and activate a Python virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # On macOS/Linux
# .\venv\Scripts\activate  # On Windows

# Install the required packages
pip install -r requirements.txt

3. Available Tools

This server exposes the following tools to your AI assistant:

`fetch_era5_single_levels`

Downloads ERA5 monthly mean surface data.

Parameters:
- variable (str): The surface variable to download (e.g., '2m_temperature').
- year (str): The year for the data (e.g., '2023').
- month (str): The month for the data (e.g., '01', '12').
- output_filename (str): The local path to save the file (e.g., 'data/2m_temp_2023_01.nc').

`fetch_era5_pressure_levels`

Downloads ERA5 monthly mean data on specific pressure levels.

Parameters:
- variable (str): The variable to download (e.g., 'geopotential', 'temperature').
- pressure_level (int): The pressure level in hPa (e.g., 500, 850).
- year (str or list[str]): The year(s) for the data. Can be a single year ('2023') or a list of years for multi-year downloads (['2020', '2021', '2022']).
- month (str): The month for the data (e.g., '03').
- output_filename (str): The local path to save the file.

`inspect_netcdf`

Inspects a NetCDF file and returns a summary of its contents.

Parameters:
- filepath (str): The absolute path to the .nc file to inspect.

4. Running the Server

Once installed, you can run the MCP server directly from your terminal. This will make the tools available to your connected AI assistant.

python era5_server.py

To add the server to your assistant permanently:

Gemini CLI: gemini tools add era5_server.py
Claude: Add a new tool and point it to the server's OpenAPI specification. By default, the server runs on localhost:8000, and the specification is available at http://localhost:8000/openapi.json.
Other MCP-compatible clients: Follow their instructions for adding a local tool server.

5. Testing the Server

A Jupyter notebook, `te

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

80/100across 5 weighted dimensions

How we score →

0255075100

−20

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-42557medium · fixedCVSS 4

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

Affected: >= 0Fixed in 4.5.7source →

CVE-2026-42266low · fixedCVSS 3.1

JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

Affected: >= 4.0.0Fixed in 4.5.7source →

CVE-2026-40171medium · fixedCVSS 4

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Affected: >= 7.0.0Fixed in 7.5.6source →

CVE-2025-59842medium · fixedCVSS 4

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Affected: >= 0Fixed in 4.4.8source →

CVE-2024-43805low · fixedCVSS 3.1

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Affected: >= 0Fixed in 3.6.8source →

Inventory

Tools (3)

Click any tool to inspect its schema.

~458 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Era5 Mcp Server safe to use?: Era5 Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Era5 Mcp Server?: Era5 Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Era5 Mcp Server do?: Era5 Mcp Server provides 3 tools: fetch_era5_single_levels, fetch_era5_pressure_levels, inspect_netcdf. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Era5 Mcp Server?: Era5 Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Era5 Mcp Server actively maintained?: Era5 Mcp Server is less actively maintained — last commit was 134 days ago. It has 11 GitHub stars.