Git Mcp Server

Name: Git Mcp Server
Rating: 4.4 (1 reviews)
Author: cyanheads

An MCP (Model Context Protocol) server enabling LLMs and AI agents to interact with Git repositories. Provides tools for comprehensive Git operations including clone, commit, branch, diff, log, status, push, pull, merge, rebase, worktree, tag management, and more, via the MCP standard. STDIO & HTTP.

ActiveNot tested

AI / ML

★ 206↓ 2.5k/wknpm GitHub

88No CVEsactive28 toolsApache-2.0

Quick Install

{
  "mcpServers": {
    "git-mcp-server": {
      "env": {
        "LOGS_DIR": "~/Developer/logs/git-mcp-server/",
        "GIT_EMAIL": "casey@caseyjhand.com",
        "GIT_BASE_DIR": "~/Developer/",
        "GIT_USERNAME": "cyanheads",
        "MCP_LOG_LEVEL": "info",
        "GIT_SIGN_COMMITS": "true",
        "MCP_TRANSPORT_TYPE": "stdio"
      },
      "args": [
        "@cyanheads/git-mcp-server@latest"
      ],
      "type": "stdio",
      "command": "npx"
    }
  }
}

Setup guide

Should you use this server?

✓

Is it safe?

No known CVEs for @cyanheads/git-mcp-server. 1 previously resolved.

No authentication — any process on your machine can connect.

Apache-2.0. View license →

✓

Is it maintained?

Last commit 12 days ago. 206 stars. 2,487 weekly downloads.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Context cost

28 tools. ~700 tokens (0.4% of 200K). Consider loading selectively.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Score Breakdown

MCPpedia Score

Click each category to see evidence

88A

Last scored 1d ago

How we score →

Security

30/30

No open vulnerabilities. 1 fixed CVE.

✓

Known CVEs — No known CVEs for @cyanheads/git-mcp-servercheck OSV.dev

○

Tool safety — Found: side effects, 28 tools without schema

✓

Tool poisoning — No poisoning indicators detected

✓

Injection vectors — No injection vectors detected

✓

Tool stability

Tools (28)

git_init

Initialize a new git repository

git_clone

Clone a repository from a remote source

git_status

Check the status of a repository

git_clean

Clean untracked files from the repository

git_add

Stage changes for commit

git_commit

Create a commit with staged changes

git_diff

Compare changes between versions

git_log

View commit history

git_show

Inspect git objects

git_blame

Trace authorship of file changes

Resources (1)

Git Working Directory

The current session working directory, set via git_set_working_dir

git://working-directory

Prompts (1)

Git Wrap-up

Workflow protocol for completing git sessions: review, document, commit, and tag changes

Help improve this page

This server is missing a description.If you've used it, help the community.

Add information

— Tool definitions stable

○

Dependency health — found on deps.dev, recently updated

✓

License — License: Apache-2.0

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 1 fixed)

lowCVSS 3.1CVE-2025-53107Fixed

@cyanheads/git-mcp-server vulnerable to command injection in several tools

### Summary A command injection vulnerability exists in the `git-mcp-server` MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to `child_process.exec`, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possib

Affected: >= 0Fixed in 2.1.5Published Jun 30, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/git-mcp-server)](https://mcppedia.org/s/git-mcp-server)

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?