tavily-mcp

tavily-ai/tavily-mcp

5 files · 1 findings

1 medium

Tool Poisoningclean

Command Injectionclean

Path Traversalclean

SSRFclean

Credential Theftclean

Excessive Permissionsclean

Missing Authclean

Supply Chain

Supply Chain1

medium

Package names that are common misspellings of popular packages may be typosquatting attacks.

package.json:51

"axios": "^1.6.7",

How to fix

Verify package names against the official registry. Use lockfiles and integrity hashes.