Is Pdf Mcp Server safe to use?

Pdf Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Pdf Mcp Server?

Pdf Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Pdf Mcp Server do?

Pdf Mcp Server provides 22 tools: merge_pdfs, split_pdf, extract_pages, rotate_pages, encrypt_pdf and 17 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Pdf Mcp Server?

Pdf Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Pdf Mcp Server actively maintained?

Pdf Mcp Server is less actively maintained — last commit was 318 days ago. It has 14 GitHub stars.

Pdf Mcp Server

Name: Pdf Mcp Server
Author: Sohaib-2

fastmcp · by Sohaib-2

Comprehensive PDF manipulation toolkit. Merge, split, encrypt, optimize PDFs through natural language commands via MCP protocol.

14 22 tools GitHub PyPI

No known CVEs

No license

Stale

Last commit 318d ago

Works with most clients

Transport: stdio

22 tools · ~1.9k tok

Grade C · 0.9% of 200K ctx

Edit this pageView history

Productivity Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pdf-tools": {
      "args": [
        "C:\\path\\to\\pdf-mcp-server\\server.py"
      ],
      "command": "C:\\path\\to\\pdf-mcp-server\\.venv\\Scripts\\python.exe"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pdf-mcp-server)](https://mcppedia.org/s/pdf-mcp-server)

Read me

What Pdf Mcp Server does

Transform PDF manipulation with AI-powered natural language commands through Claude integration

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

70/100across 5 weighted dimensions

How we score →

0255075100

−30

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (22)

Click any tool to inspect its schema.

~1.9k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Pdf Mcp Server safe to use?: Pdf Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Pdf Mcp Server?: Pdf Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Pdf Mcp Server do?: Pdf Mcp Server provides 22 tools: merge_pdfs, split_pdf, extract_pages, rotate_pages, encrypt_pdf and 17 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Pdf Mcp Server?: Pdf Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Pdf Mcp Server actively maintained?: Pdf Mcp Server is less actively maintained — last commit was 318 days ago. It has 14 GitHub stars.

Similar servers

Others in productivity / data

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

Firecrawl Mcp Server95

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

6.3k 4

io.github.miroapp/mcp-server95

Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.

104 7

MCP Security Weekly

Get CVE alerts and security updates for Pdf Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Productivity Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pdf-tools": {
      "args": [
        "C:\\path\\to\\pdf-mcp-server\\server.py"
      ],
      "command": "C:\\path\\to\\pdf-mcp-server\\.venv\\Scripts\\python.exe"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pdf-mcp-server)](https://mcppedia.org/s/pdf-mcp-server)

Read me

What Pdf Mcp Server does

Transform PDF manipulation with AI-powered natural language commands through Claude integration

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

PDF MCP Server

Transform PDF manipulation with AI-powered natural language commands through Claude integration

Comprehensive PDF toolkit that integrates seamlessly with Claude AI via MCP (Model Context Protocol). Perform complex PDF operations using simple conversational commands - merge, split, encrypt, optimize, and analyze PDFs effortlessly.

🚀 Quick Start

Clone & Setup

git clone https://github.com/Sohaib-2/pdf-mcp-server.git
cd pdf-mcp-server

Option 1: With Virtual Environment (Recommended)

python -m venv .venv
# Windows
.venv\Scripts\activate
# macOS/Linux  
source .venv/bin/activate

pip install -r requirements.txt

Option 2: Without Virtual Environment

pip install fastmcp requests pathlib

Install PDF Tools

PDFtk:

# Ubuntu/Debian
sudo apt-get install pdftk
# macOS
brew install pdftk-java
# Windows: Download from https://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/

QPDF:

# Ubuntu/Debian
sudo apt-get install qpdf
# macOS
brew install qpdf
# Windows: Download from https://qpdf.sourceforge.io/

🔧 Claude Desktop Integration

Locate Claude config file:
- Windows: %APPDATA%\Claude\claude_desktop_config.json
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Add PDF MCP Server:

With Virtual Environment:

{
  "mcpServers": {
    "pdf-tools": {
      "command": "C:\\path\\to\\pdf-mcp-server\\.venv\\Scripts\\python.exe",
      "args": ["C:\\path\\to\\pdf-mcp-server\\server.py"]
    }
  }
}

Without Virtual Environment:

{
  "mcpServers": {
    "pdf-tools": {
      "command": "python",
      "args": ["C:\\path\\to\\pdf-mcp-server\\server.py"]
    }
  }
}

macOS/Linux with venv:

{
  "mcpServers": {
    "pdf-tools": {
      "command": "/path/to/pdf-mcp-server/.venv/bin/python",
      "args": ["/path/to/pdf-mcp-server/server.py"]
    }
  }
}

Restart Claude Desktop
Start using natural language:
- "Merge these 3 PDFs into one document"
- "Encrypt my report with password protection"
- "Extract pages 1-10 from this manual"

📚 Complete Tool Reference

Core Operations

Tool	Description	Example
`merge_pdfs`	Combine multiple PDFs	`merge_pdfs(['doc1.pdf', 'doc2.pdf'], 'combined.pdf')`
`split_pdf`	Split into individual pages	`split_pdf('document.pdf', './pages/')`
`extract_pages`	Extract specific page ranges	`extract_pages('book.pdf', '1-5,10,15-20', 'excerpt.pdf')`
`rotate_pages`	Rotate pages by degrees	`rotate_pages('scan.pdf', '90', 'rotated.pdf', '1-3')`

Security & Encryption

Tool	Description	Example
`encrypt_pdf`	AES-256 encryption	`encrypt_pdf('file.pdf', 'secure.pdf', 'password123')`
`encrypt_pdf_basic`	Basic password protection	`encrypt_pdf_basic('doc.pdf', 'protected.pdf', 'pass', 'admin')`
`decrypt_pdf`	Remove password protection	`decrypt_pdf('locked.pdf', 'unlocked.pdf', 'password')`

Optimization & Repair

Tool	Description	Example
`optimize_pdf`	Compress for web/email	`optimize_pdf('large.pdf', 'small.pdf', 'high')`
`repair_pdf`	Fix corrupted PDFs	`repair_pdf('broken.pdf', 'fixed.pdf')`
`check_pdf_integrity`	Validate PDF structure	`check_pdf_integrity('su

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

70/100across 5 weighted dimensions

How we score →

0255075100

−30

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (22)

Click any tool to inspect its schema.

~1.9k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Pdf Mcp Server safe to use?: Pdf Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Pdf Mcp Server?: Pdf Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Pdf Mcp Server do?: Pdf Mcp Server provides 22 tools: merge_pdfs, split_pdf, extract_pages, rotate_pages, encrypt_pdf and 17 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Pdf Mcp Server?: Pdf Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Pdf Mcp Server actively maintained?: Pdf Mcp Server is less actively maintained — last commit was 318 days ago. It has 14 GitHub stars.