Is Mcp Gitlab Server safe to use?

Mcp Gitlab Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Gitlab Server?

Mcp Gitlab Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Mcp Gitlab Server do?

Mcp Gitlab Server provides 2 tools: Installation, Configuration. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp Gitlab Server?

Mcp Gitlab Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Mcp Gitlab Server actively maintained?

Mcp Gitlab Server is actively maintained — last commit was 1 day ago. It has 51 GitHub stars.

Mcp Gitlab Server

Name: Mcp Gitlab Server
Author: yoda-digital

@yoda.digital/gitlab-mcp-server · by yoda-digital

Enhanced MCP server for GitLab: group projects listing and activity tracking

51 1.3k/wk 2 tools GitHub npm

No known CVEs

MIT license

Actively maintained

Last commit 1d ago

Works with most clients

Transport: stdio, sse, http

2 tools · ~49 tok

Grade A · 0.0% of 200K ctx

Edit this pageView history

Developer Tools DevOps

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "gitlab": {
      "env": {
        "GITLAB_API_URL": "https://gitlab.com/api/v4",
        "GITLAB_PERSONAL_ACCESS_TOKEN": "your-token-here"
      },
      "args": [
        "-y",
        "@yoda.digital/gitlab-mcp-server"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-gitlab-server)](https://mcppedia.org/s/mcp-gitlab-server)

Read me

What Mcp Gitlab Server does

See Full Product Vision & Roadmap

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

92/100across 5 weighted dimensions

How we score →

0255075100

−8

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

1 fixed

CVE-2026-44895medium · fixedCVSS 4

@yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools

## SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations A review of `mcp-gitlab-server` at commit `80a7b4cf3fba6b55389c0ef491a48190f7c8996a` uncovered that the SSE HTTP transport — advertised in the README and comparison table as a differentiating feature — runs with no authentication and wildcard CORS on every endpoint. The maintainers' own roadmap confirms auth is a known gap. When `USE_SSE=true`, the HTTP server in `src/transpo

Affected: >= 0Fixed in 0.6.0source →

Inventory

Tools (2)

Click any tool to inspect its schema.

~49 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Gitlab Server safe to use?: Mcp Gitlab Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Gitlab Server?: Mcp Gitlab Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Gitlab Server do?: Mcp Gitlab Server provides 2 tools: Installation, Configuration. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Gitlab Server?: Mcp Gitlab Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Gitlab Server actively maintained?: Mcp Gitlab Server is actively maintained — last commit was 1 day ago. It has 51 GitHub stars.

Similar servers

Others in developer-tools / devops

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.6k 12

MCP Security Weekly

Get CVE alerts and security updates for Mcp Gitlab Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Developer Tools DevOps

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "gitlab": {
      "env": {
        "GITLAB_API_URL": "https://gitlab.com/api/v4",
        "GITLAB_PERSONAL_ACCESS_TOKEN": "your-token-here"
      },
      "args": [
        "-y",
        "@yoda.digital/gitlab-mcp-server"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-gitlab-server)](https://mcppedia.org/s/mcp-gitlab-server)

Read me

What Mcp Gitlab Server does

See Full Product Vision & Roadmap

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

GitLab MCP Server

The most comprehensive Model Context Protocol (MCP) server for GitLab — 86 tools, enterprise-ready, actively maintained.

What it is

GitLab MCP Server lets an AI agent (Claude Desktop, Claude Code, Cursor, Zed, VS Code, or any Model Context Protocol client) talk directly to GitLab. It is a typed, paginated, schema-validated bridge to the GitLab REST API, exposed as 86 MCP tools. It is not a wrapper around glab and it does not screen-scrape.

It runs against gitlab.com or any self-hosted GitLab instance, and authenticates with a personal access token, an OAuth Bearer token forwarded by an upstream gateway, or a read-only token for safe demos.

Why it exists

Anthropic released MCP on November 25, 2024. The reference servers covered Google Drive, Slack, GitHub, Git, Postgres, and Puppeteer. There was no GitLab server. The Yoda Digital engineering team runs on self-hosted GitLab, so the official examples did not help us, and the early community ports were not yet trying to cover the GitLab surface area properly.

We wrote one for ourselves. Group projects, activity tracking, the operations our DevOps actually needed. We open-sourced it on March 18, 2025, expecting maybe five people to find it useful.

A year on the project has 86 tools, working stdio / SSE / Streamable HTTP transports, PAT and OAuth modes, a Docker image on ghcr.io, and a Helm chart written almost entirely by an external contributor we had never met. Releases 0.4.0 and 0.5.0 are mostly someone else's code now, which is the best problem an open-source maintainer can have.

Quick start

Local clients (stdio)

For Claude Desktop, Cursor, Zed, and any client that runs MCP servers as a local subprocess. Add this to your client's MCP config (for Claude Desktop, that's claude_desktop_config.json):

{
  "mcpServers": {
    "gitlab": {
      "command": "npx",
      "args": ["-y", "@yoda.digital/gitlab-mcp-server"],
      "env": {
        "GITLAB_PERSONAL_ACCESS_TOKEN": "glpat-…",
        "GITLAB_API_URL": "https://gitlab.com/api/v4"
      }
    }
  }
}

Self-hosted? Replace GITLAB_API_URL with your instance, e.g. https://gitlab.example.com/api/v4. Want a safe demo with no write

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

92/100across 5 weighted dimensions

How we score →

0255075100

−8

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

1 fixed

CVE-2026-44895medium · fixedCVSS 4

@yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools

Affected: >= 0Fixed in 0.6.0source →

Inventory

Tools (2)

Click any tool to inspect its schema.

~49 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Gitlab Server safe to use?: Mcp Gitlab Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Gitlab Server?: Mcp Gitlab Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Gitlab Server do?: Mcp Gitlab Server provides 2 tools: Installation, Configuration. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Gitlab Server?: Mcp Gitlab Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Gitlab Server actively maintained?: Mcp Gitlab Server is actively maintained — last commit was 1 day ago. It has 51 GitHub stars.

Similar servers

Others in developer-tools / devops

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.6k 12

MCP Security Weekly

Get CVE alerts and security updates for Mcp Gitlab Server and similar servers.

Community