Is Pubmed Mcp safe to use?

Pubmed Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Pubmed Mcp?

Pubmed Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Pubmed Mcp do?

Pubmed Mcp provides 7 tools: search_pubmed, get_article_details, search_by_author, export_citations, find_related_articles and 2 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Pubmed Mcp?

Pubmed Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.

Is Pubmed Mcp actively maintained?

Pubmed Mcp is less actively maintained — last commit was 295 days ago. It has 8 GitHub stars.

Pubmed Mcp

A Model Context Protocol (MCP) server that enables AI assistants to search and analyze PubMed medical literature with advanced filtering, citations, and research tools.

StaleNot tested

AI / ML Search

★ 8PyPI GitHub

73BNo CVEsstale7 toolsMIT

Quick Install

{
  "mcpServers": {
    "pubmed-mcp": {
      "args": [
        "black"
      ],
      "command": "uvx"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pubmed-mcp)](https://mcppedia.org/s/pubmed-mcp)

Should you use this server?

A Model Context Protocol (MCP) server that enables AI assistants to search and analyze PubMed medical literature with advanced filtering, citations, and research tools.

✓

Is it safe?

No known CVEs for black. 2 previously resolved.

No authentication — any process on your machine can connect.

MIT. View license →

Is it maintained?

Last commit 295 days ago. 8 stars.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Context cost

7 tools. ~900 tokens (0.5% of 200K).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'black' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

73B

Last scored 21h ago

How we score →

Security

30/30

No open vulnerabilities. 2 fixed CVEs.

✓

Known CVEs — No known CVEs for blackcheck OSV.dev

✓

Tool safety — No dangerous patterns detected

Tools (7)

search_pubmed

Search PubMed with advanced filtering options.

get_article_details

Get detailed information for specific PMIDs.

search_by_author

Search for articles by a specific author.

export_citations

Export citations in various formats.

find_related_articles

Find articles related to a specific PMID.

search_mesh_terms

Search using MeSH terms.

analyze_research_trends

Analyze publication trends over time.

Advisories (0 open, 2 fixed)

mediumCVSS 4CVE-2026-32274Fixed

Black: Arbitrary file writes from unsanitized user input in cache file name

### Impact Black writes a cache file, the name of which is computed from various formatting options. The value of the `--python-cell-magics` option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. ### Patches Fixed in Black 26.3.1. ### Workarounds Do not allow untrusted user input into the value of the `--python-cell-magics` option.

Affected: >= 0Fixed in 26.3.1Published Mar 12, 2026source \u2192

infoCVE-2024-21503Fixed

PYSEC-2024-48

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.

Affected: >= 0Fixed in f00093672628d212b8965a8993cee8bedf5fe9b8Published Mar 19, 2024source \u2192

Frequently Asked Questions

Is Pubmed Mcp safe to use?: Pubmed Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Pubmed Mcp?: Pubmed Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Pubmed Mcp do?: Pubmed Mcp provides 7 tools: search_pubmed, get_article_details, search_by_author, export_citations, find_related_articles and 2 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Pubmed Mcp?: Pubmed Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.
Is Pubmed Mcp actively maintained?: Pubmed Mcp is less actively maintained — last commit was 295 days ago. It has 8 GitHub stars.

Pubmed Mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Tools (7)

Help improve this page

Advisories (0 open, 2 fixed)

Reviews

Frequently Asked Questions

Similar servers

Tavily Mcp

Sequential Thinking MCP Server

Arxiv Mcp Server

Brave Search MCP Server

Discussion