Skip to content

Add MseeP.ai badge#15

Open
mseep-ai wants to merge 1 commit into
scotthooker:mainfrom
mseep-ai:add-mseep-badge
Open

Add MseeP.ai badge#15
mseep-ai wants to merge 1 commit into
scotthooker:mainfrom
mseep-ai:add-mseep-badge

Conversation

@mseep-ai

@mseep-ai mseep-ai commented Jul 6, 2026

Copy link
Copy Markdown

Hi there,

This pull request shares a security update on OpenRouter-ImageGen-MCP.

We also have an entry for OpenRouter-ImageGen-MCP in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of OpenRouter-ImageGen-MCP.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/scotthooker-openrouter-imagegen-mcp.

Thanks,

The MseeP Team
MCP servers you can trust


MseeP.ai Security Assessment Badge

Here are our latest evaluation results of OpenRouter-ImageGen-MCP

Security Scan Results

Security Score: 73/100

Risk Level: moderate

Scan Date: 2026-07-06

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

High Severity

  • handlebars
    • [{'source': 1115538, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block', 'url': 'https://github.com/advisories/GHSA-3mfm-83xf-c92r', 'severity': 'high', 'cwe': ['CWE-94', 'CWE-843'], 'cvss': {'score': 8.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}, 'range': '>=4.0.0 <=4.7.8'}, {'source': 1115539, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has JavaScript Injection via AST Type Confusion', 'url': 'https://github.com/advisories/GHSA-2w6w-674q-4c4q', 'severity': 'critical', 'cwe': ['CWE-94', 'CWE-843'], 'cvss': {'score': 9.8, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}, 'range': '>=4.0.0 <=4.7.8'}, {'source': 1115544, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection', 'url': 'https://github.com/advisories/GHSA-2qvq-rjwj-gvw9', 'severity': 'moderate', 'cwe': ['CWE-79', 'CWE-1321'], 'cvss': {'score': 4.7, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N'}, 'range': '>=4.0.0 <4.7.9'}, {'source': 1115588, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has a Prototype Method Access Control Gap via Missing lookupSetter Blocklist Entry', 'url': 'https://github.com/advisories/GHSA-7rx3-28cr-v5wh', 'severity': 'moderate', 'cwe': ['CWE-1321'], 'cvss': {'score': 4.8, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}, 'range': '>=4.6.0 <=4.7.8'}, {'source': 1115589, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has a Property Access Validation Bypass in container.lookup', 'url': 'https://github.com/advisories/GHSA-442j-39wm-28r2', 'severity': 'low', 'cwe': ['CWE-367'], 'cvss': {'score': 3.7, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}, 'range': '>=4.0.0 <=4.7.8'}, {'source': 1115693, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial', 'url': 'https://github.com/advisories/GHSA-xhpv-hc6g-r9c6', 'severity': 'high', 'cwe': ['CWE-94', 'CWE-843'], 'cvss': {'score': 8.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}, 'range': '>=4.0.0 <=4.7.8'}, {'source': 1115694, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation', 'url': 'https://github.com/advisories/GHSA-9cx6-37pm-9jff', 'severity': 'high', 'cwe': ['CWE-754'], 'cvss': {'score': 7.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'range': '>=4.0.0 <=4.7.8'}, {'source': 1117465, 'name': 'handlebars', 'dependency': 'handlebars', 'title': 'Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options', 'url': 'https://github.com/advisories/GHSA-xjpj-3mr7-gcpf', 'severity': 'high', 'cwe': ['CWE-79', 'CWE-94', 'CWE-116'], 'cvss': {'score': 8.2, 'vectorString': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}, 'range': '>=4.0.0 <=4.7.8'}]
    • Fixed in version: unknown

Medium Severity

  • @babel/core

    • [{'source': 1120793, 'name': '@babel/core', 'dependency': '@babel/core', 'title': '@babel/core: Arbitrary File Read via sourceMappingURL Comment', 'url': 'https://github.com/advisories/GHSA-4x5r-pxfx-6jf8', 'severity': 'low', 'cwe': ['CWE-22', 'CWE-200'], 'cvss': {'score': 3.2, 'vectorString': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}, 'range': '<=7.29.0'}]
    • Fixed in version: unknown
  • @modelcontextprotocol/sdk

    • [{'source': 1111906, 'name': '@modelcontextprotocol/sdk', 'dependency': '@modelcontextprotocol/sdk', 'title': "Anthropic's MCP TypeScript SDK has a ReDoS vulnerability", 'url': 'https://github.com/advisories/GHSA-8r9q-7v3j-jr4g', 'severity': 'high', 'cwe': ['CWE-1333'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '<1.25.2'}, {'source': 1113080, 'name': '@modelcontextprotocol/sdk', 'dependency': '@modelcontextprotocol/sdk', 'title': '@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse', 'url': 'https://github.com/advisories/GHSA-345p-7cg4-v4c7', 'severity': 'high', 'cwe': ['CWE-362'], 'cvss': {'score': 7.1, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}, 'range': '>=1.10.0 <=1.25.3'}, {'source': 1113213, 'name': '@modelcontextprotocol/sdk', 'dependency': '@modelcontextprotocol/sdk', 'title': 'Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default', 'url': 'https://github.com/advisories/GHSA-w48q-cv73-mx4w', 'severity': 'high', 'cwe': ['CWE-350', 'CWE-1188'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '<1.24.0'}]
    • Fixed in version: unknown
  • @typescript-eslint/eslint-plugin

    • ['@typescript-eslint/type-utils', '@typescript-eslint/utils']
    • Fixed in version: unknown
  • ... and 13 more medium severity vulnerabilities

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant