sast-semgrep-1770171567884.json•7.44 KiB
{
"tool": "Semgrep",
"scan_id": "sast-semgrep-1770171567884",
"status": "completed",
"vulnerabilities": [
{
"id": "generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key",
"severity": "high",
"type": "security",
"description": "SonarQube Docs API Key detected",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\.github\\copilot-instructions.md",
"line": 13
},
{
"id": "generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key",
"severity": "high",
"type": "security",
"description": "SonarQube Docs API Key detected",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\sonar-project.properties",
"line": 6
},
{
"id": "javascript.lang.security.audit.md5-used-as-password.md5-used-as-password",
"severity": "medium",
"type": "security",
"description": "It looks like MD5 is used as a password hash. MD5 is not considered a secure password hash because it can be cracked by an attacker in a short amount of time. Use a suitable password hashing function such as bcrypt. You can use the `bcrypt` node.js package.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\common\\services\\security-vulnerabilities.service.ts",
"line": 27
},
{
"id": "javascript.browser.security.eval-detected.eval-detected",
"severity": "medium",
"type": "security",
"description": "Detected the use of eval(). eval() can be dangerous if used to evaluate dynamic content. If this content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\common\\services\\security-vulnerabilities.service.ts",
"line": 42
},
{
"id": "javascript.browser.security.eval-detected.eval-detected",
"severity": "medium",
"type": "security",
"description": "Detected the use of eval(). eval() can be dangerous if used to evaluate dynamic content. If this content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\common\\services\\security-vulnerabilities.service.ts",
"line": 88
},
{
"id": "javascript.browser.security.eval-detected.eval-detected",
"severity": "medium",
"type": "security",
"description": "Detected the use of eval(). eval() can be dangerous if used to evaluate dynamic content. If this content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\core\\domain\\entities\\order.entity.ts",
"line": 37
},
{
"id": "javascript.lang.security.detect-child-process.detect-child-process",
"severity": "high",
"type": "security",
"description": "Detected calls to child_process from a function argument `format`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. ",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\infrastructure\\controllers\\order.controller.ts",
"line": 77
},
{
"id": "javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal",
"severity": "medium",
"type": "security",
"description": "Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\infrastructure\\controllers\\order.controller.ts",
"line": 107
},
{
"id": "javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal",
"severity": "medium",
"type": "security",
"description": "Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\infrastructure\\controllers\\product.controller.ts",
"line": 84
},
{
"id": "javascript.express.security.audit.express-res-sendfile.express-res-sendfile",
"severity": "medium",
"type": "security",
"description": "The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\infrastructure\\controllers\\product.controller.ts",
"line": 85
},
{
"id": "javascript.lang.security.insecure-object-assign.insecure-object-assign",
"severity": "medium",
"type": "security",
"description": "Depending on the context, user control data in `Object.assign` can cause web response to include data that it should not have or can lead to a mass assignment vulnerability.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\infrastructure\\persistence\\repositories\\order.repository.vulnerable.ts",
"line": 42
},
{
"id": "javascript.lang.security.detect-child-process.detect-child-process",
"severity": "high",
"type": "security",
"description": "Detected calls to child_process from a function argument `id`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. ",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\infrastructure\\persistence\\repositories\\product.repository.ts",
"line": 66
},
{
"id": "typescript.nestjs.security.audit.nestjs-header-cors-any.nestjs-header-cors-any",
"severity": "medium",
"type": "security",
"description": "Access-Control-Allow-Origin response header is set to \"*\". This will disable CORS Same Origin Policy restrictions.",
"file": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias\\src\\main.ts",
"line": 18
}
],
"summary": {
"total": 13,
"critical": 0,
"high": 4,
"medium": 9,
"low": 0
},
"metadata": {
"scan_duration": 19213,
"target": "c:\\Users\\Jezuz\\OneDrive\\Escritorio\\Quarksoft\\Miguel\\PruebasUnitarias",
"timestamp": "2026-02-04T02:19:47.057Z"
}
}