Is Pubmed Search Mcp safe to use?

Pubmed Search Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Pubmed Search Mcp?

Pubmed Search Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Pubmed Search Mcp?

Pubmed Search Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is Pubmed Search Mcp actively maintained?

Pubmed Search Mcp is actively maintained — last commit was 2 days ago. It has 9 GitHub stars.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/pubmed-search-mcp)](https://mcppedia.org/s/pubmed-search-mcp)

✓

Is it safe?

No known CVEs for pip. 9 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 2 days ago. 9 stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'pip' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

MCPpedia Score

Click each category to see evidence

53C

Last scored 21h ago

How we score →

Security

19/30

No open vulnerabilities. 9 fixed CVEs.

✓

Known CVEs — No known CVEs for pipcheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — found on deps.dev

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 9 fixed)

mediumCVSS 4CVE-2026-1703Fixed

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Affected: >= 0Fixed in 26.0Published Feb 2, 2026source \u2192

mediumCVSS 4CVE-2025-8869Fixed

pip's fallback tar extraction doesn't check symbolic links point to extraction directory

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706 and therefore are not secure to all vulne

Affected: >= 0Fixed in 25.3Published Sep 24, 2025source \u2192

low

CVEs checked daily via OSV.dev. Score algorithm is open source.

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

MCP Security Weekly

Get CVE alerts and security updates for Pubmed Search Mcp and similar servers.

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

infoCVE-2021-3572Fixed

PYSEC-2021-437

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Affected: >= 0Fixed in 21.1Published Nov 10, 2021source \u2192

infoCVE-2019-20916Fixed

PYSEC-2020-173

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Affected: >= 0Fixed in a4c735b14a62f9cb864533808ac63936704f2acePublished Sep 4, 2020source \u2192

infoCVE-2013-5123Fixed

PYSEC-2019-160

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Affected: >= 0Fixed in 1.5Published Nov 5, 2019source \u2192

infoCVE-2014-8991Fixed

PYSEC-2014-11

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Affected: >= 1.3Fixed in 6.0Published Nov 24, 2014source \u2192

infoCVE-2013-1888Fixed

PYSEC-2013-9

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.

Affected: >= 0Fixed in 1.3Published Aug 17, 2013source \u2192

infoCVE-2013-1629Fixed

PYSEC-2013-8

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.

Affected: >= 0Fixed in 1.3Published Aug 6, 2013source \u2192

PubMed Search MCP

Professional Literature Research Assistant for AI Agents - More than just an API wrapper

A Domain-Driven Design (DDD) based MCP server that serves as an intelligent research assistant for AI agents, providing task-oriented literature search and analysis capabilities.

✨ What's Included:

🔧 42 MCP Tools - Streamlined PubMed, Europe PMC, CORE, NCBI database access, and Research Timeline / Context Graph
🖼️ OA Figure Extraction - Pull figure captions, direct image URLs, and PDF links from PMC Open Access articles
📘 Docs Site - Browse overview, architecture, quick reference, pipeline tutorials, source contracts, troubleshooting, and deployment in one place at docs/index.html
📚 24 Claude Skills - Ready-to-use workflow guides for AI agents (Claude Code-specific)
📖 Copilot Instructions - VS Code GitHub Copilot integration guide

🌐 Language: English | 繁體中文

🚀 Quick Install

Prerequisites

Python 3.10+ — Download

uv (recommended) — Install uv

# macOS / Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
# Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

NCBI Email — Required by NCBI API policy. Any valid email address.
NCBI API Key (optional) — Get one here for higher rate limits (10 req/s vs 3 req/s)

Install & Run

# Option 1: Zero-install with uvx (recommended for trying out)
uvx pubmed-search-mcp

# Option 2: Add as project dependency
uv add pubmed-search-mcp

# Option 3: pip install
pip install pubmed-search-mcp

⚙️ Configuration

This MCP server works with any MCP-compatible AI tool. Choose your preferred client:

VS Code / Cursor (`.vscode/mcp.json`)

{
  "servers": {
    "pubmed-search": {
      "type": "stdio",
      "command": "uvx",
      "args": ["pubmed-search-mcp"],
      "env": {
        "NCBI_EMAIL": "your@email.com"
      }
    }
  }
}

Claude Desktop (`claude_desktop_config.json`)

{
  "mcpServers": {
    "pubmed-search": {
      "command": "uvx",
      "args": ["pubmed-search-mcp"],
      "env": {
        "NCBI_EMAIL": "your@email.com"
      }
    }
  }
}

Config file location:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

Linux: ~/.config/Claude/claude_desktop_config.json

Claude Code

claude mcp add pubmed-search -- uvx pubmed-search-mcp

Or add to .mcp.json in your project root:

{
  "mcpServers": {
    "pubmed-search": {
      "command": "uvx",
      "args": ["pubmed-search-mcp"],
      "env": {
        "NCBI_EMAIL": "your@email.com"
      }
    }
  }
}

Zed AI (`settings.json`)

Zed editor (z.ai) supports MCP servers natively. Add to your Zed settings.json:

{
  "context_servers": {
    "pubmed-search": {
      "command": "uvx",
      "args": ["pubmed-search-mcp"],
      "env": {
        "NCBI_EMAIL": "your@emai

... [View full README on GitHub](https://github.com/u9401066/pubmed-search-mcp#readme)

Pubmed Search Mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Help improve this page

Security

Advisories (0 open, 9 fixed)

Reviews

Frequently Asked Questions

Similar servers

io.github.wso2/fhir-mcp-server

Fhir Mcp Server

Kafka Dataops MCP Server

Healthcare Mcp Public

Discussion

PubMed Search MCP

🚀 Quick Install

Prerequisites

Install & Run

⚙️ Configuration

VS Code / Cursor (`.vscode/mcp.json`)

Claude Desktop (`claude_desktop_config.json`)

Claude Code

Zed AI (`settings.json`)

Pubmed Search Mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Help improve this page

Security

Advisories (0 open, 9 fixed)

Reviews

Frequently Asked Questions

Similar servers

io.github.wso2/fhir-mcp-server

Fhir Mcp Server

Kafka Dataops MCP Server

Healthcare Mcp Public

Discussion

PubMed Search MCP

🚀 Quick Install

Prerequisites

Install & Run

⚙️ Configuration

VS Code / Cursor (.vscode/mcp.json)

Claude Desktop (claude_desktop_config.json)

Claude Code

Zed AI (settings.json)

VS Code / Cursor (`.vscode/mcp.json`)

Claude Desktop (`claude_desktop_config.json`)

Zed AI (`settings.json`)