CVE-2025-53818 – GitHub Kanban MCP Server Command Injection Vulnerability

July 15, 2025

CVE ID : CVE-2025-53818

Published : July 14, 2025, 9:15 p.m. | 5 hours, 36 minutes ago

Description : GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3.0 and 0.4.0 of the MCP Server are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `add_comment` which relies on Node.js child process API `exec` to execute the GitHub (`gh`) command, is an unsafe and vulnerable API if concatenated with untrusted user input. As of time of publication, no known patches are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53640 – Indico Information Disclosure Vulnerability

Next Article CVE-2025-53623 – ActiveJob Job Iteration API Remote Code Execution Vulnerability

Twilio’s Event Triggered Journeys, OutSystem’s Agent Workbench, and more – Daily News Digest

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

“A future has been stolen from many of us” — ZeniMax Online Studios devs will reportedly soon be hit by Microsoft’s Xbox layoffs after the MMO Phil Spencer loved was cancelled

The details of TC39’s last meeting

The details of TC39’s last meeting

How Agentic AI is Reshaping Marketing and CX Operations

We’re Moving! NodeSource Distributions Now Have a New Home – With Extended Support

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

CVE-2025-53818 – GitHub Kanban MCP Server Command Injection Vulnerability

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets

CVE-2025-7059 – WordPress Simple Featured Image Stored Cross-Site Scripting

Volatility in Google Search April 2025 after March core update

Distribution Release: Regata OS 25.0.3

ASUS warns of critical auth bypass flaw in routers using AiCloud

Rilasciato ONLYOFFICE Docs 9.0: più smart, più formati, più potente

CVE-2025-43711 – Tunnelblick Privilege Escalation Vulnerability

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals

CVE-2025-53818 – GitHub Kanban MCP Server Command Injection Vulnerability

Related Posts