Fastmcp Jlowin Fastmcp

By the Year

In 2026 there have been 0 vulnerabilities in Jlowin Fastmcp. Last year, in 2025, Fastmcp had 2 security vulnerabilities published. Right now, Fastmcp is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0               | 0.00          |
| 2025 | 2               | 0.00          |

It may take a day or so for new Fastmcp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jlowin Fastmcp Security Vulnerabilities

FastMCP <2.13 command injection via server_name on Windows
CVE-2025-62801 - October 28, 2025

FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.

Shell injection

FastMCP <2.13.0 Reflected XSS in oauth_callback.py
CVE-2025-62800 - October 28, 2025

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.

XSS
