Is Pubmed Search Mcp safe to use?

Pubmed Search Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Pubmed Search Mcp?

Pubmed Search Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Pubmed Search Mcp?

Pubmed Search Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Pubmed Search Mcp actively maintained?

Pubmed Search Mcp is actively maintained — last commit was 15 days ago. It has 14 GitHub stars.

Pubmed Search Mcp

Name: Pubmed Search Mcp
Author: u9401066

pip · by u9401066

🔬 Professional MCP server for biomedical literature research — 40 tools, multi-source search (PubMed, Europe PMC, CORE, OpenAlex), full-text access, citation networks, PICO analysis, and more

14 0 tools GitHub PyPI

No known CVEs

No license

Actively maintained

Last commit 15d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Health Search

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pubmed-search": {
      "env": {
        "NCBI_EMAIL": "your@email.com"
      },
      "args": [
        "pubmed-search-mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pubmed-search-mcp)](https://mcppedia.org/s/pubmed-search-mcp)

Read me

What Pubmed Search Mcp does

Professional Literature Research Assistant for AI Agents - More than just an API wrapper

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'pip' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

13 fixed

CVE-2026-6357medium · fixedCVSS 4

pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.

Affected: >= 0Fixed in 26.1source →

CVE-2026-3219medium · fixedCVSS 4

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.

Affected: >= 0Fixed in 26.1source →

ECHO-7db2-03aa-5591info · fixed

ECHO-7db2-03aa-5591

Affected: >= 0Fixed in 25.2+echo.1source →

CVE-2026-1703medium · fixedCVSS 4

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Affected: >= 0Fixed in 26.0source →

ECHO-ffe1-1d3c-d9bcinfo · fixed

ECHO-ffe1-1d3c-d9bc

Affected: >= 0Fixed in 25.2+echo.1source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Pubmed Search Mcp safe to use?: Pubmed Search Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Pubmed Search Mcp?: Pubmed Search Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Pubmed Search Mcp?: Pubmed Search Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Pubmed Search Mcp actively maintained?: Pubmed Search Mcp is actively maintained — last commit was 15 days ago. It has 14 GitHub stars.

Similar servers

Others in health / search

View all →

Brave Search MCP Server98

Web and local search using Brave Search API

86.5k 2

Tavily Mcp96

Production ready MCP server with real-time search, extract, map & crawl.

2.0k 4

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

25.8k 4

Firecrawl Mcp95

MCP server for Firecrawl — search, scrape, and interact with the web. Supports both cloud and self-hosted instances. Features include web search, scraping, page interaction, batch processing, and LLM-powered content analysis.

6.4k 5

MCP Security Weekly

Get CVE alerts and security updates for Pubmed Search Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Health Search

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pubmed-search": {
      "env": {
        "NCBI_EMAIL": "your@email.com"
      },
      "args": [
        "pubmed-search-mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pubmed-search-mcp)](https://mcppedia.org/s/pubmed-search-mcp)

Read me

What Pubmed Search Mcp does

Professional Literature Research Assistant for AI Agents - More than just an API wrapper

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'pip' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

PubMed Search MCP

Professional Literature Research Assistant for AI Agents - More than just an API wrapper

A Domain-Driven Design (DDD) based MCP server that serves as an intelligent research assistant for AI agents, providing task-oriented literature search and analysis capabilities.

✨ What's Included:

🔧 46 MCP Tools - Streamlined PubMed, Europe PMC, CORE, NCBI database access, and Research Timeline / Context Graph
🖼️ OA Figure Extraction - Pull figure captions, direct image URLs, and PDF links from PMC Open Access articles
📘 Docs Site - Browse language-switchable user and developer guides, architecture, quick reference, pipeline tutorials, source contracts, troubleshooting, and deployment in one place at u9401066.github.io/pubmed-search-mcp
📖 GitHub Wiki - GitHub-native mirror of the same canonical documentation at github.com/u9401066/pubmed-search-mcp/wiki
📚 24 Claude Skills - Ready-to-use workflow guides for AI agents (Claude Code-specific)
📖 Copilot Instructions - VS Code GitHub Copilot integration guide

🌐 Language: English | 繁體中文

📘 Documentation Map: README is the quick project entry point. Use the Docs Site for the best reading experience, the GitHub Wiki for GitHub-native navigation, and source docs for edits: User guide | Advanced workflows | Capability-first guide | Developer guide | Complete index

🚀 Quick Install

Prerequisites

Python 3.10+ — Download

uv (recommended) — Install uv

# macOS / Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
# Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

NCBI Email — Required by NCBI API policy. Any valid email address.
NCBI API Key (optional) — Get one here for higher rate limits (10 req/s vs 3 req/s)
OpenAlex API Key (optional) — set OPENALEX_API_KEY to use authenticated OpenAlex requests instead of mailto-only polite-pool auth

Install & Run

# Option 1: Zero-install with uvx (recommended for trying out)
uvx pubmed-search-mcp

# Option 2: Add as project dependency
uv add pubmed-search-mcp

# Option 3: pip install
pip install pubmed-search-mcp

⚙️ Configuration

This MCP server works with any MCP-compatible AI tool. Choose your preferred client:

VS Code / Cursor (`.vscode/mcp.json`)

{
  "servers": {
    "pubmed-search": {
      "type": "stdio",
      "command": "uvx",
      "args": ["pubmed-search-mcp"],
      "env": {
        "NCBI_EMAIL": "your@email.com"
      }
    }
  }
}

Optional: enable browser-session PDF fallback once and let tools auto-use it:

{
  "servers": {
    "

... [View full README on GitHub](https://github.com/u9401066/pubmed-search-mcp#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

13 fixed

CVE-2026-6357medium · fixedCVSS 4

pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

Affected: >= 0Fixed in 26.1source →

CVE-2026-3219medium · fixedCVSS 4

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files

Affected: >= 0Fixed in 26.1source →

ECHO-7db2-03aa-5591info · fixed

ECHO-7db2-03aa-5591

Affected: >= 0Fixed in 25.2+echo.1source →

CVE-2026-1703medium · fixedCVSS 4

pip Path Traversal vulnerability

Affected: >= 0Fixed in 26.0source →

ECHO-ffe1-1d3c-d9bcinfo · fixed

ECHO-ffe1-1d3c-d9bc

Affected: >= 0Fixed in 25.2+echo.1source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Pubmed Search Mcp safe to use?: Pubmed Search Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Pubmed Search Mcp?: Pubmed Search Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Pubmed Search Mcp?: Pubmed Search Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Pubmed Search Mcp actively maintained?: Pubmed Search Mcp is actively maintained — last commit was 15 days ago. It has 14 GitHub stars.

Similar servers

Others in health / search

View all →

Brave Search MCP Server98

Web and local search using Brave Search API

86.5k 2

Tavily Mcp96

Production ready MCP server with real-time search, extract, map & crawl.

2.0k 4

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

25.8k 4

Firecrawl Mcp95

6.4k 5

MCP Security Weekly

Get CVE alerts and security updates for Pubmed Search Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Pubmed Search Mcp

Install in your client

What Pubmed Search Mcp does

Test This Server

Why this score

54/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

Pubmed Search Mcp

Install in your client

What Pubmed Search Mcp does

Test This Server

PubMed Search MCP

🚀 Quick Install

Prerequisites

Install & Run

⚙️ Configuration

VS Code / Cursor (.vscode/mcp.json)

Why this score

54/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

PubMed Search MCP

🚀 Quick Install

Prerequisites

Install & Run

⚙️ Configuration

VS Code / Cursor (.vscode/mcp.json)

VS Code / Cursor (`.vscode/mcp.json`)

VS Code / Cursor (`.vscode/mcp.json`)