{
"tool": "IAST Professional Analyzer (SAST + DAST + Config + Deps)",
"scan_id": "iast-hybrid-1770171717429",
"status": "completed",
"target_url": "http://localhost:3000",
"vulnerabilities": [
{
"id": "IAST-MISSING-HSTS-1770171717434",
"title": "Missing Strict-Transport-Security Header",
"severity": "high",
"category": "Security Misconfiguration",
"description": "La aplicación no implementa HSTS, lo que la hace vulnerable a ataques MITM.",
"url": "http://localhost:3000",
"method": "GET",
"data_flow": [],
"impact": "Ataques Man-in-the-Middle, downgrade de HTTPS a HTTP",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Agregar header: Strict-Transport-Security: max-age=31536000; includeSubDomains"
},
{
"id": "IAST-MISSING-XFO-1770171717434",
"title": "Missing X-Frame-Options / CSP frame-ancestors",
"severity": "medium",
"category": "Security Misconfiguration",
"description": "La aplicación no previene ataques de clickjacking.",
"url": "http://localhost:3000",
"method": "GET",
"data_flow": [],
"impact": "Clickjacking, robo de credenciales mediante frame overlay",
"likelihood": "medium",
"status": "new",
"remediation_guidance": "Agregar header: X-Frame-Options: DENY o Content-Security-Policy: frame-ancestors 'none'"
},
{
"id": "IAST-MISSING-XCTO-1770171717434",
"title": "Missing X-Content-Type-Options Header",
"severity": "low",
"category": "Security Misconfiguration",
"description": "El navegador puede interpretar archivos de forma incorrecta (MIME sniffing).",
"url": "http://localhost:3000",
"method": "GET",
"data_flow": [],
"impact": "MIME confusion attacks, ejecución de scripts no autorizados",
"likelihood": "low",
"status": "new",
"remediation_guidance": "Agregar header: X-Content-Type-Options: nosniff"
},
{
"id": "IAST-MISSING-CSP-1770171717434",
"title": "Missing Content-Security-Policy",
"severity": "high",
"category": "Security Misconfiguration",
"description": "No hay política de seguridad de contenido configurada.",
"url": "http://localhost:3000",
"method": "GET",
"data_flow": [],
"impact": "XSS, inyección de código malicioso, carga de recursos no confiables",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Implementar CSP restrictivo: Content-Security-Policy: default-src 'self'; script-src 'self'"
},
{
"id": "IAST-INFO-LEAK-1770171717434",
"title": "Information Leakage (X-Powered-By)",
"severity": "low",
"category": "Information Disclosure",
"description": "El servidor revela información de tecnología: Express",
"url": "http://localhost:3000",
"method": "GET",
"data_flow": [],
"impact": "Ataques dirigidos basados en vulnerabilidades conocidas de la versión revelada",
"likelihood": "low",
"status": "new",
"remediation_guidance": "Deshabilitar X-Powered-By en la configuración del servidor."
},
{
"id": "IAST-SQL-INJ-1770171717459-432",
"title": "Potential SQL Injection",
"severity": "critical",
"category": "Injection",
"description": "Posible concatenación insegura en query SQL detectada.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"line": 433,
"method": "SQL Query",
"type": "sink"
}
],
"impact": "Acceso no autorizado a base de datos, robo de información, modificación de datos",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Usar consultas parametrizadas o prepared statements. Ejemplo: query(\"SELECT * FROM users WHERE id = $1\", [userId])"
},
{
"id": "IAST-XSS-1770171717459-466",
"title": "Potential Cross-Site Scripting (XSS)",
"severity": "high",
"category": "Injection",
"description": "Renderizado de contenido no sanitizado del usuario.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"line": 467,
"method": "DOM Manipulation",
"type": "sink"
}
],
"impact": "Ejecución de JavaScript malicioso, robo de cookies, phishing",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Sanitizar input del usuario antes de renderizar. Usar bibliotecas como DOMPurify o escaping adecuado."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717461-609",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"line": 610,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717461-612",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"line": 613,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717461-624",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"line": 625,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717461-1323",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\iast-tool.ts",
"line": 1324,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717464-427",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\sast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\sast-tool.ts",
"line": 428,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717464-428",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\sast-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\sast-tool.ts",
"line": 429,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717469-517",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\security-report-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\security-report-tool.ts",
"line": 518,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-UNSAFE-EVAL-1770171717469-518",
"title": "Unsafe use of eval()",
"severity": "high",
"category": "Code Injection",
"description": "Uso de eval() o construcción dinámica de código.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\security-report-tool.ts",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\src\\mcp\\tools\\security-report-tool.ts",
"line": 519,
"method": "Code Evaluation",
"type": "sink"
}
],
"impact": "Ejecución arbitraria de código, bypass de seguridad",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Evitar eval(). Usar alternativas seguras como JSON.parse() o funciones específicas."
},
{
"id": "IAST-SQL-INJ-1770171717471-38",
"title": "Potential SQL Injection",
"severity": "critical",
"category": "Injection",
"description": "Posible concatenación insegura en query SQL detectada.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\test-vulnerable-server.js",
"method": "N/A",
"data_flow": [
{
"file": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\test-vulnerable-server.js",
"line": 39,
"method": "SQL Query",
"type": "sink"
}
],
"impact": "Acceso no autorizado a base de datos, robo de información, modificación de datos",
"likelihood": "high",
"status": "new",
"remediation_guidance": "Usar consultas parametrizadas o prepared statements. Ejemplo: query(\"SELECT * FROM users WHERE id = $1\", [userId])"
},
{
"id": "IAST-DEP-MANUAL-axios-1770171722373",
"title": "Potentially Outdated Dependency: axios",
"severity": "medium",
"category": "Vulnerable Components",
"description": "La dependencia axios debe ser revisada manualmente. Rango de versión declarado en package.json: ^1.6.0",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\package.json",
"method": "N/A",
"data_flow": [],
"impact": "Posible exposición a vulnerabilidades conocidas",
"likelihood": "low",
"status": "new",
"remediation_guidance": "Ejecutar 'npm audit' y actualizar a la última versión segura."
},
{
"id": "IAST-ENV-SECRETS-1770171722375",
"title": "Sensitive Data in Environment File",
"severity": "medium",
"category": "Sensitive Data Exposure",
"description": "Archivo .env contiene datos sensibles.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\.env",
"method": "N/A",
"data_flow": [],
"impact": "Exposición de credenciales si el archivo es comprometido",
"likelihood": "medium",
"status": "new",
"remediation_guidance": "Asegurar que .env esté en .gitignore y considerar uso de gestores de secretos para producción."
},
{
"id": "IAST-DOCKER-WRITABLE-1770171722376",
"title": "Docker Container Filesystem Not Read-Only",
"severity": "low",
"category": "Security Misconfiguration",
"description": "El filesystem del contenedor es writable.",
"url": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP\\docker-compose.yml",
"method": "N/A",
"data_flow": [],
"impact": "Modificación de archivos del contenedor por atacante",
"likelihood": "low",
"status": "new",
"remediation_guidance": "Configurar \"read_only: true\" y usar volúmenes para datos que deben persistir."
},
{
"id": "IAST-CORS-MISC-1770171722381",
"title": "CORS Misconfiguration",
"severity": "medium",
"category": "Security Misconfiguration",
"description": "La política CORS es demasiado permisiva.",
"url": "http://localhost:3000",
"method": "GET",
"data_flow": [],
"impact": "Acceso no autorizado desde dominios maliciosos",
"likelihood": "medium",
"status": "new",
"remediation_guidance": "Configurar CORS con lista blanca específica de orígenes permitidos."
}
],
"summary": {
"total": 20,
"critical": 2,
"high": 11,
"medium": 4,
"low": 3
},
"metadata": {
"scan_duration": 5037,
"timestamp": "2026-02-04T02:22:02.414Z",
"agent_status": "active"
},
"project_path": "C:\\Users\\Jezuz\\OneDrive\\Escritorio\\DevSecOps-MCP\\DevSecOps-MCP"
}