Is MedRxiv MCP Server safe to use?

MedRxiv MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install MedRxiv MCP Server?

MedRxiv MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can MedRxiv MCP Server do?

MedRxiv MCP Server provides 3 tools: search_medrxiv_key_words, search_medrxiv_advanced, get_medrxiv_metadata. See the full tools list on the server page for descriptions and parameters.

What AI clients work with MedRxiv MCP Server?

MedRxiv MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is MedRxiv MCP Server actively maintained?

MedRxiv MCP Server is not actively maintained — last commit was 437 days ago. It has 7 GitHub stars.

MedRxiv MCP Server

Name: MedRxiv MCP Server
Author: JackKuo666

FastMCP · by JackKuo666

🔍 Enable AI assistants to search and access medRxiv papers through a simple MCP interface.

7 3 tools GitHub PyPI

No known CVEs

No license

Stale

Last commit 437d ago

Works with most clients

Transport: stdio, http

3 tools · ~420 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

Education Search

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "medrxiv": {
      "args": [
        "-m",
        "medrxiv-mcp-server"
      ],
      "command": "python"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/medrxiv-mcp-server)](https://mcppedia.org/s/medrxiv-mcp-server)

Read me

What MedRxiv MCP Server does

🔍 Enable AI assistants to search and access medRxiv papers through a simple MCP interface.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'FastMCP' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

75/100across 5 weighted dimensions

How we score →

0255075100

−25

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (3)

Click any tool to inspect its schema.

~420 tokens total

Inventory

Prompts (1)

deep-paper-analysis

A comprehensive workflow for analyzing academic papers that includes detailed instructions for using available tools and systematic analysis structure covering executive summary, research context, methodology, results, implications, and future directions

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is MedRxiv MCP Server safe to use?: MedRxiv MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install MedRxiv MCP Server?: MedRxiv MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can MedRxiv MCP Server do?: MedRxiv MCP Server provides 3 tools: search_medrxiv_key_words, search_medrxiv_advanced, get_medrxiv_metadata. See the full tools list on the server page for descriptions and parameters.
What AI clients work with MedRxiv MCP Server?: MedRxiv MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is MedRxiv MCP Server actively maintained?: MedRxiv MCP Server is not actively maintained — last commit was 437 days ago. It has 7 GitHub stars.

Similar servers

Others in education / search

View all →

Brave Search MCP Server98

Web and local search using Brave Search API

86.4k 2

Tavily Mcp96

Production ready MCP server with real-time search, extract, map & crawl.

2.0k 4

Context795

Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors

56.4k 2

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

25.8k 4

MCP Security Weekly

Get CVE alerts and security updates for MedRxiv MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Education Search

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "medrxiv": {
      "args": [
        "-m",
        "medrxiv-mcp-server"
      ],
      "command": "python"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/medrxiv-mcp-server)](https://mcppedia.org/s/medrxiv-mcp-server)

Read me

What MedRxiv MCP Server does

🔍 Enable AI assistants to search and access medRxiv papers through a simple MCP interface.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'FastMCP' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

medRxiv MCP Server

🔍 Enable AI assistants to search and access medRxiv papers through a simple MCP interface.

The medRxiv MCP Server provides a bridge between AI assistants and medRxiv's preprint repository through the Model Context Protocol (MCP). It allows AI models to search for health sciences preprints and access their content in a programmatic way.

🤝 Contribute • 📝 Report Bug

✨ Core Features

🔎 Paper Search: Query medRxiv papers with custom search strings or advanced search parameters ✅
🚀 Efficient Retrieval: Fast access to paper metadata ✅
📊 Metadata Access: Retrieve detailed metadata for specific papers using DOI ✅
📊 Research Support: Facilitate health sciences research and analysis ✅
📄 Paper Access: Download and read paper content 📝
📋 Paper Listing: View all downloaded papers 📝
🗃️ Local Storage: Papers are saved locally for faster access 📝
📝 Research Prompts: A set of specialized prompts for paper analysis 📝

🚀 Quick Start

Installing via Smithery

To install medRxiv Server for Claude Desktop automatically via Smithery:

claude

npx -y @smithery/cli@latest install @JackKuo666/medrxiv-mcp-server --client claude --config "{}"

Cursor

Paste the following into Settings → Cursor Settings → MCP → Add new server:

Mac/Linux

npx -y @smithery/cli@latest run @JackKuo666/medrxiv-mcp-server --client cursor --config "{}"

Windsurf

npx -y @smithery/cli@latest install @JackKuo666/medrxiv-mcp-server --client windsurf --config "{}"

CLine

npx -y @smithery/cli@latest install @JackKuo666/medrxiv-mcp-server --client cline --config "{}"

Installing Manually

Install using uv:

uv tool install medRxiv-mcp-server

For development:

# Clone and set up development environment
git clone https://github.com/JackKuo666/medRxiv-MCP-Server.git
cd medRxiv-MCP-Server

# Create and activate virtual environment
uv venv
source .venv/bin/activate
uv pip install -r requirements.txt

📊 Usage

Start the MCP server:

python medrxiv_server.py

Once the server is running, you can use the provided MCP tools in your AI assistant or application. Here are some examples of how to use the tools:

Example 1: Search for papers using keywords

result = await mcp.use_tool("search_medrxiv_key_words", {
    "key_words": "COVID-19 vaccine efficacy",
    "num_results": 5
})
print(result)

Example 2: Perform an advanced search

result = await mcp.use_tool("search_medrxiv_advanced", {
    "term": "COVID-19",
    "author1": "MacLachlan",
    "start_date": "2020-01-01",
    "end_date": "2023-12-31",
    "num_results": 3
})
print(result)

Example 3: Get metadata for a specific paper

result = await mcp.use_tool("get_medrxiv_metadata", {
    "doi": "10.1101/2025.03.09.25323517"
})
print(result)

These examples demonstrate how to use the three main tools provided by the medRxiv MCP Server. Adjust the parameters as needed for your specific use case.

🛠 MCP Tools

The medRxiv MCP Server provides the following tools:

search_medrxiv_key_words

Search for articles on medRxiv using key words.

Parameters:

key_words (str): Search query string
num_results (int, optional): Number of results to return (default: 10)

Returns: List of dictionaries containing article information

search_medrxiv_advanced

Perform an advanced search for articles on medRxiv.

Parameters:

term (str, optional): General search term
title (str, optional): Search in title
author1 (str, optional): First author
author2 (str, optional): Second author
abstract_title (str, optional): Search in abstract and title
text_abstract_title (str, optional): Search in full text

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

75/100across 5 weighted dimensions

How we score →

0255075100

−25

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (3)

Click any tool to inspect its schema.

~420 tokens total

Inventory

Prompts (1)

deep-paper-analysis

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is MedRxiv MCP Server safe to use?: MedRxiv MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install MedRxiv MCP Server?: MedRxiv MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can MedRxiv MCP Server do?: MedRxiv MCP Server provides 3 tools: search_medrxiv_key_words, search_medrxiv_advanced, get_medrxiv_metadata. See the full tools list on the server page for descriptions and parameters.
What AI clients work with MedRxiv MCP Server?: MedRxiv MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is MedRxiv MCP Server actively maintained?: MedRxiv MCP Server is not actively maintained — last commit was 437 days ago. It has 7 GitHub stars.